[ Index ]

PHP Cross Reference of MyBB 1.8.27

title

Body

[close]

/ -> member.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'member.php');
  14  define("ALLOWABLE_PAGE", "register,do_register,login,do_login,logout,lostpw,do_lostpw,activate,resendactivation,do_resendactivation,resetpassword,viewnotes");
  15  
  16  $nosession['avatar'] = 1;
  17  
  18  $templatelist = "member_register,member_register_hiddencaptcha,member_register_coppa,member_register_agreement_coppa,member_register_agreement,member_register_customfield,member_register_requiredfields,member_profile_findthreads";
  19  $templatelist .= ",member_loggedin_notice,member_profile_away,member_register_regimage,member_register_regimage_recaptcha_invisible,member_register_regimage_nocaptcha,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_captcha_hidden,post_captcha,member_register_referrer";
  20  $templatelist .= ",member_profile_email,member_profile_offline,member_profile_reputation,member_profile_warn,member_profile_warninglevel,member_profile_warninglevel_link,member_profile_customfields_field,member_profile_customfields,member_profile_adminoptions_manageban,member_profile_adminoptions,member_profile";
  21  $templatelist .= ",member_profile_signature,member_profile_avatar,member_profile_groupimage,member_referrals_link,member_profile_referrals,member_profile_website,member_profile_reputation_vote,member_activate,member_lostpw,member_register_additionalfields";
  22  $templatelist .= ",member_profile_modoptions_manageuser,member_profile_modoptions_editprofile,member_profile_modoptions_banuser,member_profile_modoptions_viewnotes,member_profile_modoptions_editnotes,member_profile_modoptions_purgespammer";
  23  $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,member_viewnotes";
  24  $templatelist .= ",member_register_question,member_register_question_refresh,usercp_options_timezone,usercp_options_timezone_option,usercp_options_language_option,member_profile_customfields_field_multi_item,member_profile_customfields_field_multi";
  25  $templatelist .= ",member_profile_contact_fields_google,member_profile_contact_fields_icq,member_profile_contact_fields_skype,member_profile_pm,member_profile_contact_details,member_profile_modoptions_manageban";
  26  $templatelist .= ",member_profile_banned_remaining,member_profile_addremove,member_emailuser_guest,member_register_day,usercp_options_tppselect_option,postbit_warninglevel_formatted,member_profile_userstar,member_profile_findposts";
  27  $templatelist .= ",usercp_options_tppselect,usercp_options_pppselect,member_resetpassword,member_login,member_profile_online,usercp_options_pppselect_option,postbit_reputation_formatted,member_emailuser,usercp_profile_profilefields_text";
  28  $templatelist .= ",member_profile_modoptions_ipaddress,member_profile_modoptions,member_profile_banned,member_register_language,member_resendactivation,usercp_profile_profilefields_checkbox,member_register_password,member_coppa_form";
  29  
  30  require_once  "./global.php";
  31  require_once  MYBB_ROOT."inc/functions_post.php";
  32  require_once  MYBB_ROOT."inc/functions_user.php";
  33  require_once  MYBB_ROOT."inc/class_parser.php";
  34  require_once  MYBB_ROOT."inc/functions_modcp.php";
  35  $parser = new postParser;
  36  
  37  // Load global language phrases
  38  $lang->load("member");
  39  
  40  $mybb->input['action'] = $mybb->get_input('action');
  41  
  42  // Make navigation
  43  switch($mybb->input['action'])
  44  {
  45      case "register":
  46      case "do_register":
  47          add_breadcrumb($lang->nav_register);
  48          break;
  49      case "activate":
  50          add_breadcrumb($lang->nav_activate);
  51          break;
  52      case "resendactivation":
  53          add_breadcrumb($lang->nav_resendactivation);
  54          break;
  55      case "lostpw":
  56          add_breadcrumb($lang->nav_lostpw);
  57          break;
  58      case "resetpassword":
  59          add_breadcrumb($lang->nav_resetpassword);
  60          break;
  61      case "login":
  62          add_breadcrumb($lang->nav_login);
  63          break;
  64      case "emailuser":
  65          add_breadcrumb($lang->nav_emailuser);
  66          break;
  67  }
  68  
  69  if(($mybb->input['action'] == "register" || $mybb->input['action'] == "do_register") && $mybb->usergroup['cancp'] != 1)
  70  {
  71      if($mybb->settings['disableregs'] == 1)
  72      {
  73          error($lang->registrations_disabled);
  74      }
  75      if($mybb->user['uid'] != 0)
  76      {
  77          error($lang->error_alreadyregistered);
  78      }
  79      if($mybb->settings['betweenregstime'] && $mybb->settings['maxregsbetweentime'])
  80      {
  81          $time = TIME_NOW;
  82          $datecut = $time-(60*60*$mybb->settings['betweenregstime']);
  83          $query = $db->simple_select("users", "*", "regip=".$db->escape_binary($session->packedip)." AND regdate > '$datecut'");
  84          $regcount = $db->num_rows($query);
  85          if($regcount >= $mybb->settings['maxregsbetweentime'])
  86          {
  87              $lang->error_alreadyregisteredtime = $lang->sprintf($lang->error_alreadyregisteredtime, $regcount, $mybb->settings['betweenregstime']);
  88              error($lang->error_alreadyregisteredtime);
  89          }
  90      }
  91  }
  92  
  93  $fromreg = 0;
  94  if($mybb->input['action'] == "do_register" && $mybb->request_method == "post")
  95  {
  96      $plugins->run_hooks("member_do_register_start");
  97  
  98      // Are checking how long it takes for users to register?
  99      if($mybb->settings['regtime'] > 0)
 100      {
 101          // Is the field actually set?
 102          if(isset($mybb->input['regtime']))
 103          {
 104              // Check how long it took for this person to register
 105              $timetook = TIME_NOW - $mybb->get_input('regtime', MyBB::INPUT_INT);
 106  
 107              // See if they registered faster than normal
 108              if($timetook < $mybb->settings['regtime'])
 109              {
 110                  // This user registered pretty quickly, bot detected!
 111                  $lang->error_spam_deny_time = $lang->sprintf($lang->error_spam_deny_time, $mybb->settings['regtime'], $timetook);
 112                  error($lang->error_spam_deny_time);
 113              }
 114          }
 115          else
 116          {
 117              error($lang->error_spam_deny);
 118          }
 119      }
 120  
 121      // If we have hidden CATPCHA enabled and it's filled, deny registration
 122      if($mybb->settings['hiddencaptchaimage'])
 123      {
 124          $string = $mybb->settings['hiddencaptchaimagefield'];
 125  
 126          if(!empty($mybb->input[$string]))
 127          {
 128              error($lang->error_spam_deny);
 129          }
 130      }
 131  
 132      if($mybb->settings['regtype'] == "randompass")
 133      {
 134  
 135          $password_length = (int)$mybb->settings['minpasswordlength'];
 136          if($password_length < 8)
 137          {
 138              $password_length = min(8, (int)$mybb->settings['maxpasswordlength']);
 139          }
 140  
 141          $mybb->input['password'] = random_str($password_length, $mybb->settings['requirecomplexpasswords']);
 142          $mybb->input['password2'] = $mybb->input['password'];
 143      }
 144  
 145      if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->settings['regtype'] == "both" || $mybb->get_input('coppa', MyBB::INPUT_INT) == 1)
 146      {
 147          $usergroup = 5;
 148      }
 149      else
 150      {
 151          $usergroup = 2;
 152      }
 153  
 154      // Set up user handler.
 155      require_once  MYBB_ROOT."inc/datahandlers/user.php";
 156      $userhandler = new UserDataHandler("insert");
 157  
 158      $coppauser = 0;
 159      if(isset($mybb->cookies['coppauser']))
 160      {
 161          $coppauser = (int)$mybb->cookies['coppauser'];
 162      }
 163  
 164      // Set the data for the new user.
 165      $user = array(
 166          "username" => $mybb->get_input('username'),
 167          "password" => $mybb->get_input('password'),
 168          "password2" => $mybb->get_input('password2'),
 169          "email" => $mybb->get_input('email'),
 170          "email2" => $mybb->get_input('email2'),
 171          "usergroup" => $usergroup,
 172          "referrer" => $mybb->get_input('referrername'),
 173          "timezone" => $mybb->get_input('timezoneoffset'),
 174          "language" => $mybb->get_input('language'),
 175          "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY),
 176          "regip" => $session->packedip,
 177          "coppa_user" => $coppauser,
 178          "regcheck1" => $mybb->get_input('regcheck1'),
 179          "regcheck2" => $mybb->get_input('regcheck2'),
 180          "registration" => true
 181      );
 182  
 183      // Do we have a saved COPPA DOB?
 184      if(isset($mybb->cookies['coppadob']))
 185      {
 186          list($dob_day, $dob_month, $dob_year) = explode("-", $mybb->cookies['coppadob']);
 187          $user['birthday'] = array(
 188              "day" => $dob_day,
 189              "month" => $dob_month,
 190              "year" => $dob_year
 191          );
 192      }
 193  
 194      $user['options'] = array(
 195          "allownotices" => $mybb->get_input('allownotices', MyBB::INPUT_INT),
 196          "hideemail" => $mybb->get_input('hideemail', MyBB::INPUT_INT),
 197          "subscriptionmethod" => $mybb->get_input('subscriptionmethod', MyBB::INPUT_INT),
 198          "receivepms" => $mybb->get_input('receivepms', MyBB::INPUT_INT),
 199          "pmnotice" => $mybb->get_input('pmnotice', MyBB::INPUT_INT),
 200          "pmnotify" => $mybb->get_input('pmnotify', MyBB::INPUT_INT),
 201          "invisible" => $mybb->get_input('invisible', MyBB::INPUT_INT),
 202          "dstcorrection" => $mybb->get_input('dstcorrection')
 203      );
 204  
 205      $userhandler->set_data($user);
 206  
 207      $errors = array();
 208  
 209      if(!$userhandler->validate_user())
 210      {
 211          $errors = $userhandler->get_friendly_errors();
 212      }
 213  
 214      if($mybb->settings['enablestopforumspam_on_register'])
 215      {
 216          require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 217  
 218          $stop_forum_spam_checker = new StopForumSpamChecker(
 219              $plugins,
 220              $mybb->settings['stopforumspam_min_weighting_before_spam'],
 221              $mybb->settings['stopforumspam_check_usernames'],
 222              $mybb->settings['stopforumspam_check_emails'],
 223              $mybb->settings['stopforumspam_check_ips'],
 224              $mybb->settings['stopforumspam_log_blocks']
 225          );
 226  
 227          try {
 228              if($stop_forum_spam_checker->is_user_a_spammer($user['username'], $user['email'], get_ip()))
 229              {
 230                  error($lang->sprintf($lang->error_stop_forum_spam_spammer,
 231                          $stop_forum_spam_checker->getErrorText(array(
 232                              'stopforumspam_check_usernames',
 233                              'stopforumspam_check_emails',
 234                              'stopforumspam_check_ips'
 235                              ))));
 236              }
 237          }
 238          catch (Exception $e)
 239          {
 240              if($mybb->settings['stopforumspam_block_on_error'])
 241              {
 242                  error($lang->error_stop_forum_spam_fetching);
 243              }
 244          }
 245      }
 246  
 247      if($mybb->settings['captchaimage'])
 248      {
 249          require_once  MYBB_ROOT.'inc/class_captcha.php';
 250          $captcha = new captcha;
 251  
 252          if($captcha->validate_captcha() == false)
 253          {
 254              // CAPTCHA validation failed
 255              foreach($captcha->get_errors() as $error)
 256              {
 257                  $errors[] = $error;
 258              }
 259          }
 260      }
 261  
 262      // If we have a security question, check to see if answer is correct
 263      if($mybb->settings['securityquestion'])
 264      {
 265          $question_id = $db->escape_string($mybb->get_input('question_id'));
 266          $answer = $db->escape_string($mybb->get_input('answer'));
 267  
 268          $query = $db->query("
 269              SELECT q.*, s.sid
 270              FROM ".TABLE_PREFIX."questionsessions s
 271              LEFT JOIN ".TABLE_PREFIX."questions q ON (q.qid=s.qid)
 272              WHERE q.active='1' AND s.sid='{$question_id}'
 273          ");
 274          if($db->num_rows($query) > 0)
 275          {
 276              $question = $db->fetch_array($query);
 277              $valid_answers = explode("\n", $question['answer']);
 278              $validated = 0;
 279  
 280              foreach($valid_answers as $answers)
 281              {
 282                  if(my_strtolower($answers) == my_strtolower($answer))
 283                  {
 284                      $validated = 1;
 285                  }
 286              }
 287  
 288              if($validated != 1)
 289              {
 290                  $update_question = array(
 291                      "incorrect" => $question['incorrect'] + 1
 292                  );
 293                  $db->update_query("questions", $update_question, "qid='{$question['qid']}'");
 294  
 295                  $errors[] = $lang->error_question_wrong;
 296              }
 297              else
 298              {
 299                  $update_question = array(
 300                      "correct" => $question['correct'] + 1
 301                  );
 302                  $db->update_query("questions", $update_question, "qid='{$question['qid']}'");
 303              }
 304  
 305              $db->delete_query("questionsessions", "sid='{$question_id}'");
 306          }
 307      }
 308  
 309      $regerrors = '';
 310      if(!empty($errors))
 311      {
 312          $username = htmlspecialchars_uni($mybb->get_input('username'));
 313          $email = htmlspecialchars_uni($mybb->get_input('email'));
 314          $email2 = htmlspecialchars_uni($mybb->get_input('email2'));
 315          $referrername = htmlspecialchars_uni($mybb->get_input('referrername'));
 316  
 317          $allownoticescheck = $hideemailcheck = $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
 318          $receivepmscheck = $pmnoticecheck = $pmnotifycheck = $invisiblecheck = $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
 319  
 320          if($mybb->get_input('allownotices', MyBB::INPUT_INT) == 1)
 321          {
 322              $allownoticescheck = "checked=\"checked\"";
 323          }
 324  
 325          if($mybb->get_input('hideemail', MyBB::INPUT_INT) == 1)
 326          {
 327              $hideemailcheck = "checked=\"checked\"";
 328          }
 329  
 330          if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 1)
 331          {
 332              $no_subscribe_selected = "selected=\"selected\"";
 333          }
 334          else if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 2)
 335          {
 336              $instant_email_subscribe_selected = "selected=\"selected\"";
 337          }
 338          else if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 3)
 339          {
 340              $instant_pm_subscribe_selected = "selected=\"selected\"";
 341          }
 342          else
 343          {
 344              $no_auto_subscribe_selected = "selected=\"selected\"";
 345          }
 346  
 347          if($mybb->get_input('receivepms', MyBB::INPUT_INT) == 1)
 348          {
 349              $receivepmscheck = "checked=\"checked\"";
 350          }
 351  
 352          if($mybb->get_input('pmnotice', MyBB::INPUT_INT) == 1)
 353          {
 354              $pmnoticecheck = " checked=\"checked\"";
 355          }
 356  
 357          if($mybb->get_input('pmnotify', MyBB::INPUT_INT) == 1)
 358          {
 359              $pmnotifycheck = "checked=\"checked\"";
 360          }
 361  
 362          if($mybb->get_input('invisible', MyBB::INPUT_INT) == 1)
 363          {
 364              $invisiblecheck = "checked=\"checked\"";
 365          }
 366  
 367          if($mybb->get_input('dstcorrection', MyBB::INPUT_INT) == 2)
 368          {
 369              $dst_auto_selected = "selected=\"selected\"";
 370          }
 371          else if($mybb->get_input('dstcorrection', MyBB::INPUT_INT) == 1)
 372          {
 373              $dst_enabled_selected = "selected=\"selected\"";
 374          }
 375          else
 376          {
 377              $dst_disabled_selected = "selected=\"selected\"";
 378          }
 379  
 380          $regerrors = inline_error($errors);
 381          $mybb->input['action'] = "register";
 382          $fromreg = 1;
 383      }
 384      else
 385      {
 386          $user_info = $userhandler->insert_user();
 387  
 388          // Invalidate solved captcha
 389          if($mybb->settings['captchaimage'])
 390          {
 391              $captcha->invalidate_captcha();
 392          }
 393  
 394          if($mybb->settings['regtype'] != "randompass" && !isset($mybb->cookies['coppauser']))
 395          {
 396              // Log them in
 397              my_setcookie("mybbuser", $user_info['uid']."_".$user_info['loginkey'], null, true, "lax");
 398          }
 399  
 400          if(isset($mybb->cookies['coppauser']))
 401          {
 402              $lang->redirect_registered_coppa_activate = $lang->sprintf($lang->redirect_registered_coppa_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 403              my_unsetcookie("coppauser");
 404              my_unsetcookie("coppadob");
 405              $plugins->run_hooks("member_do_register_end");
 406              error($lang->redirect_registered_coppa_activate);
 407          }
 408          else if($mybb->settings['regtype'] == "verify")
 409          {
 410              $activationcode = random_str();
 411              $now = TIME_NOW;
 412              $activationarray = array(
 413                  "uid" => $user_info['uid'],
 414                  "dateline" => TIME_NOW,
 415                  "code" => $activationcode,
 416                  "type" => "r"
 417              );
 418              $db->insert_query("awaitingactivation", $activationarray);
 419              $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
 420              switch($mybb->settings['username_method'])
 421              {
 422                  case 0:
 423                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 424                      break;
 425                  case 1:
 426                      $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 427                      break;
 428                  case 2:
 429                      $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 430                      break;
 431                  default:
 432                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 433                      break;
 434              }
 435              my_mail($user_info['email'], $emailsubject, $emailmessage);
 436  
 437              $lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 438  
 439              $plugins->run_hooks("member_do_register_end");
 440  
 441              error($lang->redirect_registered_activation);
 442          }
 443          else if($mybb->settings['regtype'] == "randompass")
 444          {
 445              $emailsubject = $lang->sprintf($lang->emailsubject_randompassword, $mybb->settings['bbname']);
 446              switch($mybb->settings['username_method'])
 447              {
 448                  case 0:
 449                      $emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 450                      break;
 451                  case 1:
 452                      $emailmessage = $lang->sprintf($lang->email_randompassword1, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 453                      break;
 454                  case 2:
 455                      $emailmessage = $lang->sprintf($lang->email_randompassword2, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 456                      break;
 457                  default:
 458                      $emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 459                      break;
 460              }
 461              my_mail($user_info['email'], $emailsubject, $emailmessage);
 462  
 463              $plugins->run_hooks("member_do_register_end");
 464  
 465              error($lang->redirect_registered_passwordsent);
 466          }
 467          else if($mybb->settings['regtype'] == "admin")
 468          {
 469              $groups = $cache->read("usergroups");
 470              $admingroups = array();
 471              if(!empty($groups)) // Shouldn't be...
 472              {
 473                  foreach($groups as $group)
 474                  {
 475                      if($group['cancp'] == 1)
 476                      {
 477                          $admingroups[] = (int)$group['gid'];
 478                      }
 479                  }
 480              }
 481  
 482              if(!empty($admingroups))
 483              {
 484                  $sqlwhere = 'usergroup IN ('.implode(',', $admingroups).')';
 485                  foreach($admingroups as $admingroup)
 486                  {
 487                      switch($db->type)
 488                      {
 489                          case 'pgsql':
 490                          case 'sqlite':
 491                              $sqlwhere .= " OR ','||additionalgroups||',' LIKE '%,{$admingroup},%'";
 492                              break;
 493                          default:
 494                              $sqlwhere .= " OR CONCAT(',',additionalgroups,',') LIKE '%,{$admingroup},%'";
 495                              break;
 496                      }
 497                  }
 498                  $q = $db->simple_select('users', 'uid,username,email,language', $sqlwhere);
 499                  while($recipient = $db->fetch_array($q))
 500                  {
 501                      // First we check if the user's a super admin: if yes, we don't care about permissions
 502                      $is_super_admin = is_super_admin($recipient['uid']);
 503                      if(!$is_super_admin)
 504                      {
 505                          // Include admin functions
 506                          if(!file_exists(MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php"))
 507                          {
 508                              continue;
 509                          }
 510  
 511                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php";
 512  
 513                          // Verify if we have permissions to access user-users
 514                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/modules/user/module_meta.php";
 515                          if(function_exists("user_admin_permissions"))
 516                          {
 517                              // Get admin permissions
 518                              $adminperms = get_admin_permissions($recipient['uid']);
 519  
 520                              $permissions = user_admin_permissions();
 521                              if(array_key_exists('users', $permissions['permissions']) && $adminperms['user']['users'] != 1)
 522                              {
 523                                  continue; // No permissions
 524                              }
 525                          }
 526                      }
 527  
 528                      // Load language
 529                      if($recipient['language'] != $lang->language && $lang->language_exists($recipient['language']))
 530                      {
 531                          $reset_lang = true;
 532                          $lang->set_language($recipient['language']);
 533                          $lang->load("member");
 534                      }
 535  
 536                      $subject = $lang->sprintf($lang->newregistration_subject, $mybb->settings['bbname']);
 537                      $message = $lang->sprintf($lang->newregistration_message, $recipient['username'], $mybb->settings['bbname'], $user['username']);
 538                      my_mail($recipient['email'], $subject, $message);
 539                  }
 540  
 541                  // Reset language
 542                  if(isset($reset_lang))
 543                  {
 544                      $lang->set_language($mybb->settings['bblanguage']);
 545                      $lang->load("member");
 546                  }
 547              }
 548  
 549              $lang->redirect_registered_admin_activate = $lang->sprintf($lang->redirect_registered_admin_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 550  
 551              $plugins->run_hooks("member_do_register_end");
 552  
 553              error($lang->redirect_registered_admin_activate);
 554          }
 555          else if($mybb->settings['regtype'] == "both")
 556          {
 557              $groups = $cache->read("usergroups");
 558              $admingroups = array();
 559              if(!empty($groups)) // Shouldn't be...
 560              {
 561                  foreach($groups as $group)
 562                  {
 563                      if($group['cancp'] == 1)
 564                      {
 565                          $admingroups[] = (int)$group['gid'];
 566                      }
 567                  }
 568              }
 569  
 570              if(!empty($admingroups))
 571              {
 572                  $sqlwhere = 'usergroup IN ('.implode(',', $admingroups).')';
 573                  foreach($admingroups as $admingroup)
 574                  {
 575                      switch($db->type)
 576                      {
 577                          case 'pgsql':
 578                          case 'sqlite':
 579                              $sqlwhere .= " OR ','||additionalgroups||',' LIKE '%,{$admingroup},%'";
 580                              break;
 581                          default:
 582                              $sqlwhere .= " OR CONCAT(',',additionalgroups,',') LIKE '%,{$admingroup},%'";
 583                              break;
 584                      }
 585                  }
 586                  $q = $db->simple_select('users', 'uid,username,email,language', $sqlwhere);
 587                  while($recipient = $db->fetch_array($q))
 588                  {
 589                      // First we check if the user's a super admin: if yes, we don't care about permissions
 590                      $is_super_admin = is_super_admin($recipient['uid']);
 591                      if(!$is_super_admin)
 592                      {
 593                          // Include admin functions
 594                          if(!file_exists(MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php"))
 595                          {
 596                              continue;
 597                          }
 598  
 599                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php";
 600  
 601                          // Verify if we have permissions to access user-users
 602                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/modules/user/module_meta.php";
 603                              // Get admin permissions
 604                              $adminperms = get_admin_permissions($recipient['uid']);
 605                              if(empty($adminperms['user']['users']) || $adminperms['user']['users'] != 1)
 606                              {
 607                                  continue; // No permissions
 608                              }
 609                      }
 610  
 611                      // Load language
 612                      if($recipient['language'] != $lang->language && $lang->language_exists($recipient['language']))
 613                      {
 614                          $reset_lang = true;
 615                          $lang->set_language($recipient['language']);
 616                          $lang->load("member");
 617                      }
 618  
 619                      $subject = $lang->sprintf($lang->newregistration_subject, $mybb->settings['bbname']);
 620                      $message = $lang->sprintf($lang->newregistration_message, $recipient['username'], $mybb->settings['bbname'], $user['username']);
 621                      my_mail($recipient['email'], $subject, $message);
 622                  }
 623  
 624                  // Reset language
 625                  if(isset($reset_lang))
 626                  {
 627                      $lang->set_language($mybb->settings['bblanguage']);
 628                      $lang->load("member");
 629                  }
 630              }
 631  
 632              $activationcode = random_str();
 633              $activationarray = array(
 634                  "uid" => $user_info['uid'],
 635                  "dateline" => TIME_NOW,
 636                  "code" => $activationcode,
 637                  "type" => "b"
 638              );
 639              $db->insert_query("awaitingactivation", $activationarray);
 640              $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
 641              switch($mybb->settings['username_method'])
 642              {
 643                  case 0:
 644                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 645                      break;
 646                  case 1:
 647                      $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 648                      break;
 649                  case 2:
 650                      $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 651                      break;
 652                  default:
 653                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 654                      break;
 655              }
 656              my_mail($user_info['email'], $emailsubject, $emailmessage);
 657  
 658              $lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 659  
 660              $plugins->run_hooks("member_do_register_end");
 661  
 662              error($lang->redirect_registered_activation);
 663          }
 664          else
 665          {
 666              $lang->redirect_registered = $lang->sprintf($lang->redirect_registered, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 667  
 668              $plugins->run_hooks("member_do_register_end");
 669  
 670              redirect("index.php", $lang->redirect_registered);
 671          }
 672      }
 673  }
 674  
 675  if($mybb->input['action'] == "coppa_form")
 676  {
 677      if(!$mybb->settings['faxno'])
 678      {
 679          $mybb->settings['faxno'] = "&nbsp;";
 680      }
 681  
 682      $plugins->run_hooks("member_coppa_form");
 683  
 684      eval("\$coppa_form = \"".$templates->get("member_coppa_form")."\";");
 685      output_page($coppa_form);
 686  }
 687  
 688  if($mybb->input['action'] == "register")
 689  {
 690      $bdaysel = '';
 691      if($mybb->settings['coppa'] == "disabled")
 692      {
 693          $bdaysel = $bday2blank = '';
 694      }
 695      $mybb->input['bday1'] = $mybb->get_input('bday1', MyBB::INPUT_INT);
 696      for($day = 1; $day <= 31; ++$day)
 697      {
 698          $selected = '';
 699          if($mybb->input['bday1'] == $day)
 700          {
 701              $selected = " selected=\"selected\"";
 702          }
 703  
 704          eval("\$bdaysel .= \"".$templates->get("member_register_day")."\";");
 705      }
 706  
 707      $mybb->input['bday2'] = $mybb->get_input('bday2', MyBB::INPUT_INT);
 708      $bdaymonthsel = array();
 709      foreach(range(1, 12) as $number)
 710      {
 711          $bdaymonthsel[$number] = '';
 712      }
 713      $bdaymonthsel[$mybb->input['bday2']] = "selected=\"selected\"";
 714      $birthday_year = $mybb->get_input('bday3', MyBB::INPUT_INT);
 715  
 716      if($birthday_year == 0)
 717      {
 718          $birthday_year = '';
 719      }
 720  
 721      // Is COPPA checking enabled?
 722      if($mybb->settings['coppa'] != "disabled" && !isset($mybb->input['step']))
 723      {
 724          // Just selected DOB, we check
 725          if($mybb->input['bday1'] && $mybb->input['bday2'] && $birthday_year)
 726          {
 727              my_unsetcookie("coppauser");
 728  
 729              $months = get_bdays($birthday_year);
 730              if($mybb->input['bday2'] < 1 || $mybb->input['bday2'] > 12 || $birthday_year < (date("Y")-100) || $birthday_year > date("Y") || $mybb->input['bday1'] > $months[$mybb->input['bday2']-1])
 731              {
 732                  error($lang->error_invalid_birthday);
 733              }
 734  
 735              $bdaytime = @mktime(0, 0, 0, $mybb->input['bday2'], $mybb->input['bday1'], $birthday_year);
 736  
 737              // Store DOB in cookie so we can save it with the registration
 738              my_setcookie("coppadob", "{$mybb->input['bday1']}-{$mybb->input['bday2']}-{$birthday_year}", -1);
 739  
 740              // User is <= 13, we mark as a coppa user
 741              if($bdaytime >= mktime(0, 0, 0, my_date('n'), my_date('d'), my_date('Y')-13))
 742              {
 743                  my_setcookie("coppauser", 1, -0);
 744                  $under_thirteen = true;
 745              }
 746              $mybb->request_method = "";
 747          }
 748          // Show DOB select form
 749          else
 750          {
 751              $plugins->run_hooks("member_register_coppa");
 752  
 753              my_unsetcookie("coppauser");
 754  
 755              $coppa_desc = $mybb->settings['coppa'] == 'deny' ? $lang->coppa_desc_for_deny : $lang->coppa_desc;
 756              eval("\$coppa = \"".$templates->get("member_register_coppa")."\";");
 757              output_page($coppa);
 758              exit;
 759          }
 760      }
 761  
 762      if((!isset($mybb->input['agree']) && !isset($mybb->input['regsubmit'])) && $fromreg == 0 || $mybb->request_method != "post")
 763      {
 764          $coppa_agreement = '';
 765          // Is this user a COPPA user? We need to show the COPPA agreement too
 766          if($mybb->settings['coppa'] != "disabled" && ($mybb->cookies['coppauser'] == 1 || $under_thirteen))
 767          {
 768              if($mybb->settings['coppa'] == "deny")
 769              {
 770                  error($lang->error_need_to_be_thirteen);
 771              }
 772              $lang->coppa_agreement_1 = $lang->sprintf($lang->coppa_agreement_1, $mybb->settings['bbname']);
 773              eval("\$coppa_agreement = \"".$templates->get("member_register_agreement_coppa")."\";");
 774          }
 775  
 776          $plugins->run_hooks("member_register_agreement");
 777  
 778          eval("\$agreement = \"".$templates->get("member_register_agreement")."\";");
 779          output_page($agreement);
 780      }
 781      else
 782      {
 783          $plugins->run_hooks("member_register_start");
 784  
 785          // JS validator extra
 786          if($mybb->settings['maxnamelength'] > 0 && $mybb->settings['minnamelength'] > 0)
 787          {
 788              $lang->js_validator_username_length = $lang->sprintf($lang->js_validator_username_length, $mybb->settings['minnamelength'], $mybb->settings['maxnamelength']);
 789          }
 790  
 791          if(isset($mybb->input['timezoneoffset']))
 792          {
 793              $timezoneoffset = $mybb->get_input('timezoneoffset');
 794          }
 795          else
 796          {
 797              $timezoneoffset = $mybb->settings['timezoneoffset'];
 798          }
 799          $tzselect = build_timezone_select("timezoneoffset", $timezoneoffset, true);
 800  
 801          $stylelist = build_theme_select("style");
 802  
 803          if($mybb->settings['usertppoptions'])
 804          {
 805              $tppoptions = '';
 806              $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
 807              if(is_array($explodedtpp))
 808              {
 809                  foreach($explodedtpp as $val)
 810                  {
 811                      $val = trim($val);
 812                      $tpp_option = $lang->sprintf($lang->tpp_option, $val);
 813                      eval("\$tppoptions .= \"".$templates->get("usercp_options_tppselect_option")."\";");
 814                  }
 815              }
 816              eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";");
 817          }
 818          if($mybb->settings['userpppoptions'])
 819          {
 820              $pppoptions = '';
 821              $explodedppp = explode(",", $mybb->settings['userpppoptions']);
 822              if(is_array($explodedppp))
 823              {
 824                  foreach($explodedppp as $val)
 825                  {
 826                      $val = trim($val);
 827                      $ppp_option = $lang->sprintf($lang->ppp_option, $val);
 828                      eval("\$pppoptions .= \"".$templates->get("usercp_options_pppselect_option")."\";");
 829                  }
 830              }
 831              eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
 832          }
 833          if($mybb->settings['usereferrals'] == 1 && !$mybb->user['uid'])
 834          {
 835              if(isset($mybb->cookies['mybb']['referrer']))
 836              {
 837                  $query = $db->simple_select("users", "uid,username", "uid='".(int)$mybb->cookies['mybb']['referrer']."'");
 838                  $ref = $db->fetch_array($query);
 839                  $ref['username'] = htmlspecialchars_uni($ref['username']);
 840                  $referrername = $ref['username'];
 841              }
 842              elseif(isset($referrer))
 843              {
 844                  $query = $db->simple_select("users", "username", "uid='".(int)$referrer['uid']."'");
 845                  $ref = $db->fetch_array($query);
 846                  $ref['username'] = htmlspecialchars_uni($ref['username']);
 847                  $referrername = $ref['username'];
 848              }
 849              elseif(!empty($referrername))
 850              {
 851                  $ref = get_user_by_username($referrername);
 852                  if(!$ref['uid'])
 853                  {
 854                      $errors[] = $lang->error_badreferrer;
 855                  }
 856              }
 857              else
 858              {
 859                  $referrername = '';
 860              }
 861              if(isset($quickreg))
 862              {
 863                  $refbg = "trow1";
 864              }
 865              else
 866              {
 867                  $refbg = "trow2";
 868              }
 869              eval("\$referrer = \"".$templates->get("member_register_referrer")."\";");
 870          }
 871          else
 872          {
 873              $referrer = '';
 874          }
 875          $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);
 876          // Custom profile fields baby!
 877          $altbg = "trow1";
 878          $requiredfields = $customfields = '';
 879  
 880          if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->settings['regtype'] == "both" || $mybb->get_input('coppa', MyBB::INPUT_INT) == 1)
 881          {
 882              $usergroup = 5;
 883          }
 884          else
 885          {
 886              $usergroup = 2;
 887          }
 888  
 889          $pfcache = $cache->read('profilefields');
 890  
 891          if(is_array($pfcache))
 892          {
 893              $jsvar_reqfields = array();
 894              foreach($pfcache as $profilefield)
 895              {
 896                  if($profilefield['required'] != 1 && $profilefield['registration'] != 1 || !is_member($profilefield['editableby'], array('usergroup' => $mybb->user['usergroup'], 'additionalgroups' => $usergroup)))
 897                  {
 898                      continue;
 899                  }
 900  
 901                  $code = $select = $val = $options = $expoptions = $useropts = '';
 902                  $seloptions = array();
 903                  $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
 904                  $thing = explode("\n", $profilefield['type'], "2");
 905                  $type = trim($thing[0]);
 906                  $options = $thing[1];
 907                  $select = '';
 908                  $field = "fid{$profilefield['fid']}";
 909                  $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
 910                  $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
 911                  if(!empty($errors) && isset($mybb->input['profile_fields'][$field]))
 912                  {
 913                      $userfield = $mybb->input['profile_fields'][$field];
 914                  }
 915                  else
 916                  {
 917                      $userfield = '';
 918                  }
 919                  if($type == "multiselect")
 920                  {
 921                      if(!empty($errors))
 922                      {
 923                          $useropts = $userfield;
 924                      }
 925                      else
 926                      {
 927                          $useropts = explode("\n", $userfield);
 928                      }
 929                      if(is_array($useropts))
 930                      {
 931                          foreach($useropts as $key => $val)
 932                          {
 933                              $seloptions[$val] = $val;
 934                          }
 935                      }
 936                      $expoptions = explode("\n", $options);
 937                      if(is_array($expoptions))
 938                      {
 939                          foreach($expoptions as $key => $val)
 940                          {
 941                              $val = trim($val);
 942                              $val = str_replace("\n", "\\n", $val);
 943  
 944                              $sel = "";
 945                              if(isset($seloptions[$val]) && $val == $seloptions[$val])
 946                              {
 947                                  $sel = ' selected="selected"';
 948                              }
 949  
 950                              eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
 951                          }
 952                          if(!$profilefield['length'])
 953                          {
 954                              $profilefield['length'] = 3;
 955                          }
 956  
 957                          eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
 958                      }
 959                  }
 960                  elseif($type == "select")
 961                  {
 962                      $expoptions = explode("\n", $options);
 963                      if(is_array($expoptions))
 964                      {
 965                          foreach($expoptions as $key => $val)
 966                          {
 967                              $val = trim($val);
 968                              $val = str_replace("\n", "\\n", $val);
 969                              $sel = "";
 970                              if($val == $userfield)
 971                              {
 972                                  $sel = ' selected="selected"';
 973                              }
 974  
 975                              eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
 976                          }
 977                          if(!$profilefield['length'])
 978                          {
 979                              $profilefield['length'] = 1;
 980                          }
 981  
 982                          eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
 983                      }
 984                  }
 985                  elseif($type == "radio")
 986                  {
 987                      $expoptions = explode("\n", $options);
 988                      if(is_array($expoptions))
 989                      {
 990                          foreach($expoptions as $key => $val)
 991                          {
 992                              $checked = "";
 993                              if($val == $userfield)
 994                              {
 995                                  $checked = 'checked="checked"';
 996                              }
 997  
 998                              eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
 999                          }
1000                      }
1001                  }
1002                  elseif($type == "checkbox")
1003                  {
1004                      if(!empty($errors))
1005                      {
1006                          $useropts = $userfield;
1007                      }
1008                      else
1009                      {
1010                          $useropts = explode("\n", $userfield);
1011                      }
1012                      if(is_array($useropts))
1013                      {
1014                          foreach($useropts as $key => $val)
1015                          {
1016                              $seloptions[$val] = $val;
1017                          }
1018                      }
1019                      $expoptions = explode("\n", $options);
1020                      if(is_array($expoptions))
1021                      {
1022                          foreach($expoptions as $key => $val)
1023                          {
1024                              $checked = "";
1025                              if(isset($seloptions[$val]) && $val == $seloptions[$val])
1026                              {
1027                                  $checked = 'checked="checked"';
1028                              }
1029  
1030                              eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
1031                          }
1032                      }
1033                  }
1034                  elseif($type == "textarea")
1035                  {
1036                      $value = htmlspecialchars_uni($userfield);
1037                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
1038                  }
1039                  else
1040                  {
1041                      $value = htmlspecialchars_uni($userfield);
1042                      $maxlength = "";
1043                      if($profilefield['maxlength'] > 0)
1044                      {
1045                          $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
1046                      }
1047  
1048                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
1049                  }
1050  
1051                  if($profilefield['required'] == 1)
1052                  {
1053                      // JS validator extra, choose correct selectors for everything except single select which always has value
1054                      if($type != 'select')
1055                      {
1056                          $jsvar_reqfields[] = array(
1057                              'type' => $type,
1058                              'fid' => $field,
1059                          );
1060                      }
1061  
1062                      eval("\$requiredfields .= \"".$templates->get("member_register_customfield")."\";");
1063                  }
1064                  else
1065                  {
1066                      eval("\$customfields .= \"".$templates->get("member_register_customfield")."\";");
1067                  }
1068              }
1069  
1070              if($requiredfields)
1071              {
1072                  eval("\$requiredfields = \"".$templates->get("member_register_requiredfields")."\";");
1073              }
1074  
1075              if($customfields)
1076              {
1077                  eval("\$customfields = \"".$templates->get("member_register_additionalfields")."\";");
1078              }
1079          }
1080  
1081          if(!isset($fromreg) || $fromreg == 0)
1082          {
1083              $allownoticescheck = "checked=\"checked\"";
1084              $hideemailcheck = '';
1085              $receivepmscheck = "checked=\"checked\"";
1086              $pmnoticecheck = " checked=\"checked\"";
1087              $pmnotifycheck = '';
1088              $invisiblecheck = '';
1089              if($mybb->settings['dstcorrection'] == 1)
1090              {
1091                  $enabledstcheck = "checked=\"checked\"";
1092              }
1093              $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
1094              $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
1095              $username = $email = $email2 = '';
1096              $regerrors = '';
1097          }
1098          // Spambot registration image thingy
1099          $captcha_html = 0;
1100          $regimage = '';
1101          if($mybb->settings['captchaimage'])
1102          {
1103              require_once  MYBB_ROOT.'inc/class_captcha.php';
1104              $captcha = new captcha(true, "member_register_regimage");
1105  
1106              if($captcha->html)
1107              {
1108                  $captcha_html = 1;
1109                  $regimage = $captcha->html;
1110              }
1111          }
1112  
1113          // Security Question
1114          $questionbox = '';
1115          $question_exists = 0;
1116          if($mybb->settings['securityquestion'])
1117          {
1118              $sid = generate_question();
1119              $query = $db->query("
1120                  SELECT q.question, s.sid
1121                  FROM ".TABLE_PREFIX."questionsessions s
1122                  LEFT JOIN ".TABLE_PREFIX."questions q ON (q.qid=s.qid)
1123                  WHERE q.active='1' AND s.sid='{$sid}'
1124              ");
1125              if($db->num_rows($query) > 0)
1126              {
1127                  $question_exists = 1;
1128                  $question = $db->fetch_array($query);
1129  
1130                  //Set parser options for security question
1131                  $parser_options = array(
1132                      "allow_html" => 0,
1133                      "allow_mycode" => 1,
1134                      "allow_smilies" => 1,
1135                      "allow_imgcode" => 1,
1136                      "allow_videocode" => 1,
1137                      "filter_badwords" => 1,
1138                      "me_username" => 0,
1139                      "shorten_urls" => 0,
1140                      "highlight" => 0,
1141                  );
1142  
1143                  //Parse question
1144                  $question['question'] = $parser->parse_message($question['question'], $parser_options);
1145                  $question['sid'] = htmlspecialchars_uni($question['sid']);
1146  
1147                  $refresh = '';
1148                  // Total questions
1149                  $q = $db->simple_select('questions', 'COUNT(qid) as num', 'active=1');
1150                  $num = $db->fetch_field($q, 'num');
1151                  if($num > 1)
1152                  {
1153                      eval("\$refresh = \"".$templates->get("member_register_question_refresh")."\";");
1154                  }
1155  
1156                  eval("\$questionbox = \"".$templates->get("member_register_question")."\";");
1157              }
1158          }
1159  
1160          $hiddencaptcha = '';
1161          // Hidden CAPTCHA for Spambots
1162          if($mybb->settings['hiddencaptchaimage'])
1163          {
1164              $captcha_field = $mybb->settings['hiddencaptchaimagefield'];
1165  
1166              eval("\$hiddencaptcha = \"".$templates->get("member_register_hiddencaptcha")."\";");
1167          }
1168          if($mybb->settings['regtype'] != "randompass")
1169          {
1170              // JS validator extra
1171              $lang->js_validator_password_length = $lang->sprintf($lang->js_validator_password_length, $mybb->settings['minpasswordlength']);
1172  
1173              // See if the board has "require complex passwords" enabled.
1174              if($mybb->settings['requirecomplexpasswords'] == 1)
1175              {
1176                  $lang->password = $lang->complex_password = $lang->sprintf($lang->complex_password, $mybb->settings['minpasswordlength']);
1177              }
1178              eval("\$passboxes = \"".$templates->get("member_register_password")."\";");
1179          }
1180  
1181          $languages = $lang->get_languages();
1182          $langoptions = $boardlanguage = '';
1183          if(count($languages) > 1)
1184          {
1185              foreach($languages as $name => $language)
1186              {
1187                  $language = htmlspecialchars_uni($language);
1188  
1189                  $sel = '';
1190                  if($mybb->get_input('language') == $name)
1191                  {
1192                      $sel = " selected=\"selected\"";
1193                  }
1194  
1195                  eval('$langoptions .= "'.$templates->get('usercp_options_language_option').'";');
1196              }
1197  
1198              eval('$boardlanguage = "'.$templates->get('member_register_language').'";');
1199          }
1200  
1201          // Set the time so we can find automated signups
1202          $time = TIME_NOW;
1203  
1204          $plugins->run_hooks("member_register_end");
1205  
1206          $jsvar_reqfields = json_encode($jsvar_reqfields);
1207  
1208          $validator_javascript = "<script type=\"text/javascript\">
1209              var regsettings = {
1210                  requiredfields: '{$jsvar_reqfields}',
1211                  minnamelength: '{$mybb->settings['minnamelength']}',
1212                  maxnamelength: '{$mybb->settings['maxnamelength']}',
1213                  minpasswordlength: '{$mybb->settings['minpasswordlength']}',
1214                  captchaimage: '{$mybb->settings['captchaimage']}',
1215                  captchahtml: '{$captcha_html}',
1216                  securityquestion: '{$mybb->settings['securityquestion']}',
1217                  questionexists: '{$question_exists}',
1218                  requirecomplexpasswords: '{$mybb->settings['requirecomplexpasswords']}',
1219                  regtype: '{$mybb->settings['regtype']}',
1220                  hiddencaptchaimage: '{$mybb->settings['hiddencaptchaimage']}'
1221              };
1222  
1223              lang.js_validator_no_username = '{$lang->js_validator_no_username}';
1224              lang.js_validator_username_length = '{$lang->js_validator_username_length}';
1225              lang.js_validator_invalid_email = '{$lang->js_validator_invalid_email}';
1226              lang.js_validator_email_match = '{$lang->js_validator_email_match}';
1227              lang.js_validator_not_empty = '{$lang->js_validator_not_empty}';
1228              lang.js_validator_password_length = '{$lang->js_validator_password_length}';
1229              lang.js_validator_password_matches = '{$lang->js_validator_password_matches}';
1230              lang.js_validator_no_image_text = '{$lang->js_validator_no_image_text}';
1231              lang.js_validator_no_security_question = '{$lang->js_validator_no_security_question}';
1232              lang.js_validator_bad_password_security = '{$lang->js_validator_bad_password_security}';
1233          </script>\n";
1234  
1235          eval("\$registration = \"".$templates->get("member_register")."\";");
1236          output_page($registration);
1237      }
1238  }
1239  
1240  if($mybb->input['action'] == "activate")
1241  {
1242      $plugins->run_hooks("member_activate_start");
1243  
1244      if(isset($mybb->input['username']))
1245      {
1246          $mybb->input['username'] = $mybb->get_input('username');
1247          $options = array(
1248              'username_method' => $mybb->settings['username_method'],
1249              'fields' => '*',
1250          );
1251          $user = get_user_by_username($mybb->input['username'], $options);
1252          if(!$user)
1253          {
1254              switch($mybb->settings['username_method'])
1255              {
1256                  case 0:
1257                      error($lang->error_invalidpworusername);
1258                      break;
1259                  case 1:
1260                      error($lang->error_invalidpworusername1);
1261                      break;
1262                  case 2:
1263                      error($lang->error_invalidpworusername2);
1264                      break;
1265                  default:
1266                      error($lang->error_invalidpworusername);
1267                      break;
1268              }
1269          }
1270          $uid = $user['uid'];
1271      }
1272      else
1273      {
1274          $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
1275      }
1276      if(isset($mybb->input['code']) && $user)
1277      {
1278          $query = $db->simple_select("awaitingactivation", "*", "uid='".$user['uid']."' AND (type='r' OR type='e' OR type='b')");
1279          $activation = $db->fetch_array($query);
1280          if(!$activation['uid'])
1281          {
1282              error($lang->error_alreadyactivated);
1283          }
1284          if($activation['code'] !== $mybb->get_input('code'))
1285          {
1286              error($lang->error_badactivationcode);
1287          }
1288  
1289          if($activation['type'] == "b" && $activation['validated'] == 1)
1290          {
1291              error($lang->error_alreadyvalidated);
1292          }
1293  
1294          $db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND (type='r' OR type='e')");
1295  
1296          if($user['usergroup'] == 5 && $activation['type'] != "e" && $activation['type'] != "b")
1297          {
1298              $db->update_query("users", array("usergroup" => 2), "uid='".$user['uid']."'");
1299  
1300              $cache->update_awaitingactivation();
1301          }
1302          if($activation['type'] == "e")
1303          {
1304              $newemail = array(
1305                  "email" => $db->escape_string($activation['misc']),
1306              );
1307              $db->update_query("users", $newemail, "uid='".$user['uid']."'");
1308              $plugins->run_hooks("member_activate_emailupdated");
1309  
1310              redirect("usercp.php", $lang->redirect_emailupdated);
1311          }
1312          elseif($activation['type'] == "b")
1313          {
1314              $update = array(
1315                  "validated" => 1,
1316              );
1317              $db->update_query("awaitingactivation", $update, "uid='".$user['uid']."' AND type='b'");
1318              $plugins->run_hooks("member_activate_emailactivated");
1319  
1320              redirect("index.php", $lang->redirect_accountactivated_admin, "", true);
1321          }
1322          else
1323          {
1324              $plugins->run_hooks("member_activate_accountactivated");
1325  
1326              redirect("index.php", $lang->redirect_accountactivated);
1327          }
1328      }
1329      else
1330      {
1331          $plugins->run_hooks("member_activate_form");
1332  
1333          $code = htmlspecialchars_uni($mybb->get_input('code'));
1334  
1335          if(!isset($user['username']))
1336          {
1337              $user['username'] = '';
1338          }
1339          $user['username'] = htmlspecialchars_uni($user['username']);
1340  
1341          eval("\$activate = \"".$templates->get("member_activate")."\";");
1342          output_page($activate);
1343      }
1344  }
1345  
1346  if($mybb->input['action'] == "do_resendactivation" && $mybb->request_method == "post")
1347  {
1348      $plugins->run_hooks("member_do_resendactivation_start");
1349  
1350      if($mybb->settings['regtype'] == "admin")
1351      {
1352          error($lang->error_activated_by_admin);
1353      }
1354  
1355      $errors = array();
1356  
1357      if($mybb->settings['captchaimage'])
1358      {
1359          require_once  MYBB_ROOT.'inc/class_captcha.php';
1360          $captcha = new captcha;
1361  
1362          if($captcha->validate_captcha() == false)
1363          {
1364              // CAPTCHA validation failed
1365              foreach($captcha->get_errors() as $error)
1366              {
1367                  $errors[] = $error;
1368              }
1369          }
1370      }
1371  
1372      $query = $db->query("
1373          SELECT u.uid, u.username, u.usergroup, u.email, a.code, a.type, a.validated
1374          FROM ".TABLE_PREFIX."users u
1375          LEFT JOIN ".TABLE_PREFIX."awaitingactivation a ON (a.uid=u.uid AND (a.type='r' OR a.type='b'))
1376          WHERE u.email='".$db->escape_string($mybb->get_input('email'))."'
1377      ");
1378      $numusers = $db->num_rows($query);
1379      if($numusers < 1)
1380      {
1381          error($lang->error_invalidemail);
1382      }
1383      else
1384      {
1385          if(count($errors) == 0)
1386          {
1387              while($user = $db->fetch_array($query))
1388              {
1389                  if($user['type'] == "b" && $user['validated'] == 1)
1390                  {
1391                      error($lang->error_activated_by_admin);
1392                  }
1393  
1394                  if($user['usergroup'] == 5)
1395                  {
1396                      if(!$user['code'])
1397                      {
1398                          $user['code'] = random_str();
1399                          $uid = $user['uid'];
1400                          $awaitingarray = array(
1401                              "uid" => $uid,
1402                              "dateline" => TIME_NOW,
1403                              "code" => $user['code'],
1404                              "type" => $user['type']
1405                          );
1406                          $db->insert_query("awaitingactivation", $awaitingarray);
1407                      }
1408                      $username = $user['username'];
1409                      $email = $user['email'];
1410                      $activationcode = $user['code'];
1411                      $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
1412                      switch($mybb->settings['username_method'])
1413                      {
1414                          case 0:
1415                              $emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
1416                              break;
1417                          case 1:
1418                              $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
1419                              break;
1420                          case 2:
1421                              $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
1422                              break;
1423                          default:
1424                              $emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
1425                              break;
1426                      }
1427                      my_mail($email, $emailsubject, $emailmessage);
1428                  }
1429              }
1430  
1431              $plugins->run_hooks("member_do_resendactivation_end");
1432  
1433              redirect("index.php", $lang->redirect_activationresent);
1434          }
1435          else
1436          {
1437              $mybb->input['action'] = "resendactivation";
1438          }
1439      }
1440  }
1441  
1442  if($mybb->input['action'] == "resendactivation")
1443  {
1444      $plugins->run_hooks("member_resendactivation");
1445  
1446      if($mybb->settings['regtype'] == "admin")
1447      {
1448          error($lang->error_activated_by_admin);
1449      }
1450  
1451      if($mybb->user['uid'] && $mybb->user['usergroup'] != 5)
1452      {
1453          error($lang->error_alreadyactivated);
1454      }
1455  
1456      $query = $db->simple_select("awaitingactivation", "*", "uid='".$mybb->user['uid']."' AND type='b'");
1457      $activation = $db->fetch_array($query);
1458  
1459      if($activation['validated'] == 1)
1460      {
1461          error($lang->error_activated_by_admin);
1462      }
1463  
1464      $captcha = '';
1465      // Generate CAPTCHA?
1466      if($mybb->settings['captchaimage'])
1467      {
1468          require_once  MYBB_ROOT.'inc/class_captcha.php';
1469          $post_captcha = new captcha(true, "post_captcha");
1470  
1471          if($post_captcha->html)
1472          {
1473              $captcha = $post_captcha->html;
1474          }
1475      }
1476  
1477      if(isset($errors) && count($errors) > 0)
1478      {
1479          $errors = inline_error($errors);
1480          $email = htmlspecialchars_uni($mybb->get_input('email'));
1481      }
1482      else
1483      {
1484          $errors = '';
1485          $email = '';
1486      }
1487  
1488      $plugins->run_hooks("member_resendactivation_end");
1489  
1490      eval("\$activate = \"".$templates->get("member_resendactivation")."\";");
1491      output_page($activate);
1492  }
1493  
1494  if($mybb->input['action'] == "do_lostpw" && $mybb->request_method == "post")
1495  {
1496      $plugins->run_hooks("member_do_lostpw_start");
1497  
1498      $errors = array();
1499  
1500      if($mybb->settings['captchaimage'])
1501      {
1502          require_once  MYBB_ROOT.'inc/class_captcha.php';
1503          $captcha = new captcha;
1504  
1505          if($captcha->validate_captcha() == false)
1506          {
1507              // CAPTCHA validation failed
1508              foreach($captcha->get_errors() as $error)
1509              {
1510                  $errors[] = $error;
1511              }
1512          }
1513      }
1514  
1515      $query = $db->simple_select("users", "*", "email='".$db->escape_string($mybb->get_input('email'))."'");
1516      $numusers = $db->num_rows($query);
1517      if($numusers < 1)
1518      {
1519          error($lang->error_invalidemail);
1520      }
1521      else
1522      {
1523          if(count($errors) == 0)
1524          {
1525              while($user = $db->fetch_array($query))
1526              {
1527                  $db->delete_query("awaitingactivation", "uid='{$user['uid']}' AND type='p'");
1528                  $user['activationcode'] = random_str(30);
1529                  $now = TIME_NOW;
1530                  $uid = $user['uid'];
1531                  $awaitingarray = array(
1532                      "uid" => $user['uid'],
1533                      "dateline" => TIME_NOW,
1534                      "code" => $user['activationcode'],
1535                      "type" => "p"
1536                  );
1537                  $db->insert_query("awaitingactivation", $awaitingarray);
1538                  $username = $user['username'];
1539                  $email = $user['email'];
1540                  $activationcode = $user['activationcode'];
1541                  $emailsubject = $lang->sprintf($lang->emailsubject_lostpw, $mybb->settings['bbname']);
1542                  switch($mybb->settings['username_method'])
1543                  {
1544                      case 0:
1545                          $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
1546                          break;
1547                      case 1:
1548                          $emailmessage = $lang->sprintf($lang->email_lostpw1, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
1549                          break;
1550                      case 2:
1551                          $emailmessage = $lang->sprintf($lang->email_lostpw2, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
1552                          break;
1553                      default:
1554                          $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
1555                          break;
1556                  }
1557                  my_mail($email, $emailsubject, $emailmessage);
1558              }
1559  
1560              $plugins->run_hooks("member_do_lostpw_end");
1561  
1562              redirect("index.php", $lang->redirect_lostpwsent, "", true);
1563          }
1564          else
1565          {
1566              $mybb->input['action'] = "lostpw";
1567          }
1568      }
1569  }
1570  
1571  if($mybb->input['action'] == "lostpw")
1572  {
1573      $plugins->run_hooks("member_lostpw");
1574  
1575      $captcha = '';
1576      // Generate CAPTCHA?
1577      if($mybb->settings['captchaimage'])
1578      {
1579          require_once  MYBB_ROOT.'inc/class_captcha.php';
1580          $post_captcha = new captcha(true, "post_captcha");
1581  
1582          if($post_captcha->html)
1583          {
1584              $captcha = $post_captcha->html;
1585          }
1586      }
1587  
1588      if(isset($errors) && count($errors) > 0)
1589      {
1590          $errors = inline_error($errors);
1591          $email = htmlspecialchars_uni($mybb->get_input('email'));
1592      }
1593      else
1594      {
1595          $errors = '';
1596          $email = '';
1597      }
1598  
1599      eval("\$lostpw = \"".$templates->get("member_lostpw")."\";");
1600      output_page($lostpw);
1601  }
1602  
1603  if($mybb->input['action'] == "resetpassword")
1604  {
1605      $plugins->run_hooks("member_resetpassword_start");
1606  
1607      if(isset($mybb->input['username']))
1608      {
1609          $mybb->input['username'] = $mybb->get_input('username');
1610          $options = array(
1611              'username_method' => $mybb->settings['username_method'],
1612              'fields' => '*',
1613          );
1614          $user = get_user_by_username($mybb->input['username'], $options);
1615          if(!$user)
1616          {
1617              switch($mybb->settings['username_method'])
1618              {
1619                  case 0:
1620                      error($lang->error_invalidpworusername);
1621                      break;
1622                  case 1:
1623                      error($lang->error_invalidpworusername1);
1624                      break;
1625                  case 2:
1626                      error($lang->error_invalidpworusername2);
1627                      break;
1628                  default:
1629                      error($lang->error_invalidpworusername);
1630                      break;
1631              }
1632          }
1633      }
1634      else
1635      {
1636          $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
1637      }
1638  
1639      if(isset($mybb->input['code']) && $user)
1640      {
1641          $query = $db->simple_select("awaitingactivation", "code", "uid='".$user['uid']."' AND type='p'");
1642          $activationcode = $db->fetch_field($query, 'code');
1643          $now = TIME_NOW;
1644          if(!$activationcode || $activationcode !== $mybb->get_input('code'))
1645          {
1646              error($lang->error_badlostpwcode);
1647          }
1648          $db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND type='p'");
1649          $username = $user['username'];
1650  
1651          // Generate a new password, then update it
1652          $password_length = (int)$mybb->settings['minpasswordlength'];
1653  
1654          if($password_length < 8)
1655          {
1656              $password_length = min(8, (int)$mybb->settings['maxpasswordlength']);
1657          }
1658  
1659          // Set up user handler.
1660          require_once  MYBB_ROOT.'inc/datahandlers/user.php';
1661          $userhandler = new UserDataHandler('update');
1662  
1663          while(!$userhandler->verify_password())
1664          {
1665              $password = random_str($password_length, $mybb->settings['requirecomplexpasswords']);
1666  
1667              $userhandler->set_data(array(
1668                  'uid'        => $user['uid'],
1669                  'username'    => $user['username'],
1670                  'email'        => $user['email'],
1671                  'password'    => $password
1672              ));
1673  
1674              $userhandler->set_validated(true);
1675              $userhandler->errors = array();
1676          }
1677  
1678          $userhandler->update_user();
1679  
1680          $logindetails = array(
1681              'salt'        => $userhandler->data['salt'],
1682              'password'    => $userhandler->data['saltedpw'],
1683              'loginkey'    => $userhandler->data['loginkey'],
1684          );
1685  
1686          $email = $user['email'];
1687  
1688          $plugins->run_hooks("member_resetpassword_process");
1689  
1690          $emailsubject = $lang->sprintf($lang->emailsubject_passwordreset, $mybb->settings['bbname']);
1691          $emailmessage = $lang->sprintf($lang->email_passwordreset, $username, $mybb->settings['bbname'], $password);
1692          my_mail($email, $emailsubject, $emailmessage);
1693  
1694          $plugins->run_hooks("member_resetpassword_reset");
1695  
1696          error($lang->redirect_passwordreset);
1697      }
1698      else
1699      {
1700          $plugins->run_hooks("member_resetpassword_form");
1701  
1702          switch($mybb->settings['username_method'])
1703          {
1704              case 0:
1705                  $lang_username = $lang->username;
1706                  break;
1707              case 1:
1708                  $lang_username = $lang->username1;
1709                  break;
1710              case 2:
1711                  $lang_username = $lang->username2;
1712                  break;
1713              default:
1714                  $lang_username = $lang->username;
1715                  break;
1716          }
1717  
1718          $code = htmlspecialchars_uni($mybb->get_input('code'));
1719  
1720          if(!isset($mybb->input['username']))
1721          {
1722              $input_username = '';
1723          }
1724          $input_username = htmlspecialchars_uni($mybb->input['username']);
1725  
1726          eval("\$activate = \"".$templates->get("member_resetpassword")."\";");
1727          output_page($activate);
1728      }
1729  }
1730  
1731  $do_captcha = $correct = false;
1732  $inline_errors = "";
1733  if($mybb->input['action'] == "do_login" && $mybb->request_method == "post")
1734  {
1735      verify_post_check($mybb->get_input('my_post_key'));
1736  
1737      $errors = array();
1738  
1739      $plugins->run_hooks("member_do_login_start");
1740  
1741      require_once  MYBB_ROOT."inc/datahandlers/login.php";
1742      $loginhandler = new LoginDataHandler("get");
1743  
1744      if($mybb->get_input('quick_password') && $mybb->get_input('quick_username'))
1745      {
1746          $mybb->input['password'] = $mybb->get_input('quick_password');
1747          $mybb->input['username'] = $mybb->get_input('quick_username');
1748          $mybb->input['remember'] = $mybb->get_input('quick_remember');
1749      }
1750  
1751      $user = array(
1752          'username' => $mybb->get_input('username'),
1753          'password' => $mybb->get_input('password'),
1754          'remember' => $mybb->get_input('remember'),
1755          'imagestring' => $mybb->get_input('imagestring')
1756      );
1757  
1758      $options = array(
1759          'fields' => 'loginattempts',
1760          'username_method' => (int)$mybb->settings['username_method'],
1761      );
1762  
1763      $user_loginattempts = get_user_by_username($user['username'], $options);
1764      if(!empty($user_loginattempts))
1765      {
1766          $user['loginattempts'] = (int)$user_loginattempts['loginattempts'];
1767      }
1768  
1769      $loginhandler->set_data($user);
1770      $validated = $loginhandler->validate_login();
1771  
1772      if(!$validated)
1773      {
1774          $mybb->input['action'] = "login";
1775          $mybb->request_method = "get";
1776  
1777          $login_user_uid = 0;
1778          if(!empty($loginhandler->login_data))
1779          {
1780              $login_user_uid = (int)$loginhandler->login_data['uid'];
1781              $user['loginattempts'] = (int)$loginhandler->login_data['loginattempts'];
1782          }
1783  
1784          // Is a fatal call if user has had too many tries
1785          $logins = login_attempt_check($login_user_uid);
1786  
1787          $db->update_query("users", array('loginattempts' => 'loginattempts+1'), "uid='".$login_user_uid."'", 1, true);
1788  
1789          $errors = $loginhandler->get_friendly_errors();
1790  
1791          // If we need a captcha set it here
1792          if($mybb->settings['failedcaptchalogincount'] > 0 && (isset($user['loginattempts']) && $user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] || (int)$mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount']))
1793          {
1794              $do_captcha = true;
1795              $correct = $loginhandler->captcha_verified;
1796          }
1797      }
1798      else if($validated && $loginhandler->captcha_verified == true)
1799      {
1800          // Successful login
1801          if($loginhandler->login_data['coppauser'])
1802          {
1803              error($lang->error_awaitingcoppa);
1804          }
1805  
1806          $loginhandler->complete_login();
1807  
1808          $plugins->run_hooks("member_do_login_end");
1809  
1810          $mybb->input['url'] = $mybb->get_input('url');
1811  
1812          if(!empty($mybb->input['url']) && my_strpos(basename($mybb->input['url']), 'member.php') === false && !preg_match('#^javascript:#i', $mybb->input['url']))
1813          {
1814              if((my_strpos(basename($mybb->input['url']), 'newthread.php') !== false || my_strpos(basename($mybb->input['url']), 'newreply.php') !== false) && my_strpos($mybb->input['url'], '&processed=1') !== false)
1815              {
1816                  $mybb->input['url'] = str_replace('&processed=1', '', $mybb->input['url']);
1817              }
1818  
1819              $mybb->input['url'] = str_replace('&amp;', '&', $mybb->input['url']);
1820  
1821              if(my_strpos($mybb->input['url'], $mybb->settings['bburl'].'/') !== 0)
1822              {
1823                  if(my_strpos($mybb->input['url'], '/') === 0)
1824                  {
1825                      $mybb->input['url'] = my_substr($mybb->input['url'], 1);
1826                  }
1827                  $url_segments = explode('/', $mybb->input['url']);
1828                  $mybb->input['url'] = $mybb->settings['bburl'].'/'.end($url_segments);
1829              }
1830  
1831              // Redirect to the URL if it is not member.php
1832              redirect($mybb->input['url'], $lang->redirect_loggedin);
1833          }
1834          else
1835          {
1836  
1837              redirect("index.php", $lang->redirect_loggedin);
1838          }
1839      }
1840  
1841      $plugins->run_hooks("member_do_login_end");
1842  }
1843  
1844  if($mybb->input['action'] == "login")
1845  {
1846      $plugins->run_hooks("member_login");
1847  
1848      $member_loggedin_notice = "";
1849      if($mybb->user['uid'] != 0)
1850      {
1851          $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
1852          $lang->already_logged_in = $lang->sprintf($lang->already_logged_in, build_profile_link($mybb->user['username'], $mybb->user['uid']));
1853          eval("\$member_loggedin_notice = \"".$templates->get("member_loggedin_notice")."\";");
1854      }
1855  
1856      // Checks to make sure the user can login; they haven't had too many tries at logging in.
1857      // Is a fatal call if user has had too many tries. This particular check uses cookies, as a uid is not set yet
1858      // and we can't check loginattempts in the db
1859      login_attempt_check();
1860  
1861      // Redirect to the page where the user came from, but not if that was the login page.
1862      if(isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], "action=login") === false)
1863      {
1864          $redirect_url = htmlentities($_SERVER['HTTP_REFERER']);
1865      }
1866      else
1867      {
1868          $redirect_url = '';
1869      }
1870  
1871      $captcha = '';
1872      // Show captcha image for guests if enabled and only if we have to do
1873      if($mybb->settings['captchaimage'] && $do_captcha == true)
1874      {
1875          require_once  MYBB_ROOT.'inc/class_captcha.php';
1876          $login_captcha = new captcha(false, "post_captcha");
1877  
1878          if($login_captcha->type == captcha::DEFAULT_CAPTCHA)
1879          {
1880              if(!$correct)
1881              {
1882                  $login_captcha->build_captcha();
1883              }
1884              else
1885              {
1886                  $captcha = $login_captcha->build_hidden_captcha();
1887              }
1888          }
1889          elseif(in_array($login_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3)))
1890          {
1891              $login_captcha->build_recaptcha();
1892          }
1893          elseif(in_array($login_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE)))
1894          {
1895              $login_captcha->build_hcaptcha();
1896          }
1897  
1898          if($login_captcha->html)
1899          {
1900              $captcha = $login_captcha->html;
1901          }
1902      }
1903  
1904      $username = "";
1905      $password = "";
1906      if(isset($mybb->input['username']) && $mybb->request_method == "post")
1907      {
1908          $username = htmlspecialchars_uni($mybb->get_input('username'));
1909      }
1910  
1911      if(isset($mybb->input['password']) && $mybb->request_method == "post")
1912      {
1913          $password = htmlspecialchars_uni($mybb->get_input('password'));
1914      }
1915  
1916      if(!empty($errors))
1917      {
1918          $mybb->input['action'] = "login";
1919          $mybb->request_method = "get";
1920  
1921          $inline_errors = inline_error($errors);
1922      }
1923  
1924      switch($mybb->settings['username_method'])
1925      {
1926          case 1:
1927              $lang->username = $lang->username1;
1928              break;
1929          case 2:
1930              $lang->username = $lang->username2;
1931              break;
1932          default:
1933              break;
1934      }
1935  
1936      $plugins->run_hooks("member_login_end");
1937  
1938      eval("\$login = \"".$templates->get("member_login")."\";");
1939      output_page($login);
1940  }
1941  
1942  if($mybb->input['action'] == "logout")
1943  {
1944      $plugins->run_hooks("member_logout_start");
1945  
1946      if(!$mybb->user['uid'])
1947      {
1948          redirect("index.php", $lang->redirect_alreadyloggedout);
1949      }
1950  
1951      // Check session ID if we have one
1952      if(isset($mybb->input['sid']) && $mybb->get_input('sid') !== $session->sid)
1953      {
1954          error($lang->error_notloggedout);
1955      }
1956      // Otherwise, check logoutkey
1957      else if(!isset($mybb->input['sid']) && $mybb->get_input('logoutkey') !== $mybb->user['logoutkey'])
1958      {
1959          error($lang->error_notloggedout);
1960      }
1961  
1962      my_unsetcookie("mybbuser");
1963      my_unsetcookie("sid");
1964  
1965      if($mybb->user['uid'])
1966      {
1967          $time = TIME_NOW;
1968          // Run this after the shutdown query from session system
1969          $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$mybb->user['uid']}'");
1970          $db->delete_query("sessions", "sid = '{$session->sid}'");
1971      }
1972  
1973      $plugins->run_hooks("member_logout_end");
1974  
1975      redirect("index.php", $lang->redirect_loggedout);
1976  }
1977  
1978  if($mybb->input['action'] == "viewnotes")
1979  {
1980      $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
1981      $user = get_user($uid);
1982  
1983      // Make sure we are looking at a real user here.
1984      if(!$user)
1985      {
1986          error($lang->error_nomember);
1987      }
1988  
1989      if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1)
1990      {
1991          error_no_permission();
1992      }
1993  
1994      $user['username'] = htmlspecialchars_uni($user['username']);
1995      $lang->view_notes_for = $lang->sprintf($lang->view_notes_for, $user['username']);
1996  
1997      $user['usernotes'] = nl2br(htmlspecialchars_uni($user['usernotes']));
1998  
1999      $plugins->run_hooks('member_viewnotes');
2000  
2001      eval("\$viewnotes = \"".$templates->get("member_viewnotes", 1, 0)."\";");
2002      echo $viewnotes;
2003      exit;
2004  }
2005  
2006  if($mybb->input['action'] == "profile")
2007  {
2008      if($mybb->usergroup['canviewprofiles'] == 0)
2009      {
2010          error_no_permission();
2011      }
2012  
2013      $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
2014      if($uid)
2015      {
2016          $memprofile = get_user($uid);
2017      }
2018      elseif($mybb->user['uid'])
2019      {
2020          $memprofile = $mybb->user;
2021      }
2022      else
2023      {
2024          $memprofile = false;
2025      }
2026  
2027      if(!$memprofile)
2028      {
2029          error($lang->error_nomember);
2030      }
2031  
2032      $uid = $memprofile['uid'];
2033  
2034      $plugins->run_hooks("member_profile_start");
2035  
2036      $me_username = $memprofile['username'];
2037      $memprofile['username'] = htmlspecialchars_uni($memprofile['username']);
2038      $lang->profile = $lang->sprintf($lang->profile, $memprofile['username']);
2039  
2040      // Get member's permissions
2041      $memperms = user_permissions($memprofile['uid']);
2042  
2043      // Set display group
2044      $displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image");
2045  
2046      if(!$memprofile['displaygroup'])
2047      {
2048          $memprofile['displaygroup'] = $memprofile['usergroup'];
2049      }
2050  
2051      $displaygroup = usergroup_displaygroup($memprofile['displaygroup']);
2052      if(is_array($displaygroup))
2053      {
2054          $memperms = array_merge($memperms, $displaygroup);
2055      }
2056  
2057      $lang->nav_profile = $lang->sprintf($lang->nav_profile, $memprofile['username']);
2058      add_breadcrumb($lang->nav_profile);
2059  
2060      $lang->users_forum_info = $lang->sprintf($lang->users_forum_info, $memprofile['username']);
2061      $lang->users_contact_details = $lang->sprintf($lang->users_contact_details, $memprofile['username']);
2062      $lang->send_pm = $lang->sprintf($lang->send_pm, $memprofile['username']);
2063      $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']);
2064      $lang->users_additional_info = $lang->sprintf($lang->users_additional_info, $memprofile['username']);
2065      $lang->users_signature = $lang->sprintf($lang->users_signature, $memprofile['username']);
2066      $lang->send_user_email = $lang->sprintf($lang->send_user_email, $memprofile['username']);
2067  
2068      $useravatar = format_avatar($memprofile['avatar'], $memprofile['avatardimensions']);
2069      eval("\$avatar = \"".$templates->get("member_profile_avatar")."\";");
2070  
2071      $website = $sendemail = $sendpm = $contact_details = '';
2072  
2073      if(my_validate_url($memprofile['website']) && !is_member($mybb->settings['hidewebsite']) && $memperms['canchangewebsite'] == 1)
2074      {
2075          $memprofile['website'] = htmlspecialchars_uni($memprofile['website']);
2076          $bgcolor = alt_trow();
2077          eval("\$website = \"".$templates->get("member_profile_website")."\";");
2078      }
2079  
2080      if($mybb->usergroup['cansendemail'] == 1 && $uid != $mybb->user['uid'] && $memprofile['hideemail'] != 1 && (my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false || $mybb->usergroup['cansendemailoverride'] != 0))
2081      {
2082          $bgcolor = alt_trow();
2083          eval("\$sendemail = \"".$templates->get("member_profile_email")."\";");
2084      }
2085  
2086      if($mybb->settings['enablepms'] != 0 && $uid != $mybb->user['uid'] && $mybb->usergroup['canusepms'] == 1 && (($memprofile['receivepms'] != 0 && $memperms['canusepms'] != 0 && my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false) || $mybb->usergroup['canoverridepm'] == 1))
2087      {
2088          $bgcolor = alt_trow();
2089          eval('$sendpm = "'.$templates->get("member_profile_pm").'";');
2090      }
2091  
2092      $contact_fields = array();
2093      $any_contact_field = false;
2094      foreach(array('icq', 'skype', 'google') as $field)
2095      {
2096          $contact_fields[$field] = '';
2097          $settingkey = 'allow'.$field.'field';
2098  
2099          if(!empty($memprofile[$field]) && is_member($mybb->settings[$settingkey], array('usergroup' => $memprofile['usergroup'], 'additionalgroups' => $memprofile['additionalgroups'])))
2100          {
2101              $any_contact_field = true;
2102  
2103              if($field == 'icq')
2104              {
2105                  $memprofile[$field] = (int)$memprofile[$field];
2106              }
2107              else
2108              {
2109                  $memprofile[$field] = htmlspecialchars_uni($memprofile[$field]);
2110              }
2111              $tmpl = 'member_profile_contact_fields_'.$field;
2112  
2113              $bgcolors[$field] = alt_trow();
2114              eval('$contact_fields[\''.$field.'\'] = "'.$templates->get($tmpl).'";');
2115          }
2116      }
2117  
2118      if($any_contact_field || $sendemail || $sendpm || $website)
2119      {
2120          eval('$contact_details = "'.$templates->get("member_profile_contact_details").'";');
2121      }
2122  
2123      $signature = '';
2124      if($memprofile['signature'] && ($memprofile['suspendsignature'] == 0 || $memprofile['suspendsigtime'] < TIME_NOW) && !is_member($mybb->settings['hidesignatures']) && $memperms['canusesig'] && $memperms['canusesigxposts'] <= $memprofile['postnum'])
2125      {
2126          $sig_parser = array(
2127              "allow_html" => $mybb->settings['sightml'],
2128              "allow_mycode" => $mybb->settings['sigmycode'],
2129              "allow_smilies" => $mybb->settings['sigsmilies'],
2130              "allow_imgcode" => $mybb->settings['sigimgcode'],
2131              "me_username" => $me_username,
2132              "filter_badwords" => 1
2133          );
2134  
2135          if($memperms['signofollow'])
2136          {
2137              $sig_parser['nofollow_on'] = 1;
2138          }
2139  
2140          if($mybb->user['uid'] != 0 && $mybb->user['showimages'] != 1 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
2141          {
2142              $sig_parser['allow_imgcode'] = 0;
2143          }
2144  
2145          $memprofile['signature'] = $parser->parse_message($memprofile['signature'], $sig_parser);
2146          eval("\$signature = \"".$templates->get("member_profile_signature")."\";");
2147      }
2148  
2149      $daysreg = (TIME_NOW - $memprofile['regdate']) / (24*3600);
2150  
2151      if($daysreg < 1)
2152      {
2153          $daysreg = 1;
2154      }
2155  
2156      $stats = $cache->read("stats");
2157  
2158      // Format post count, per day count and percent of total
2159      $ppd = $memprofile['postnum'] / $daysreg;
2160      $ppd = round($ppd, 2);
2161      if($ppd > $memprofile['postnum'])
2162      {
2163          $ppd = $memprofile['postnum'];
2164      }
2165  
2166      $numposts = $stats['numposts'];
2167      if($numposts == 0)
2168      {
2169          $post_percent = "0";
2170      }
2171      else
2172      {
2173          $post_percent = $memprofile['postnum']*100/$numposts;
2174          $post_percent = round($post_percent, 2);
2175      }
2176  
2177      if($post_percent > 100)
2178      {
2179          $post_percent = 100;
2180      }
2181  
2182      // Format thread count, per day count and percent of total
2183      $tpd = $memprofile['threadnum'] / $daysreg;
2184      $tpd = round($tpd, 2);
2185      if($tpd > $memprofile['threadnum'])
2186      {
2187          $tpd = $memprofile['threadnum'];
2188      }
2189  
2190      $numthreads = $stats['numthreads'];
2191      if($numthreads == 0)
2192      {
2193          $thread_percent = "0";
2194      }
2195      else
2196      {
2197          $thread_percent = $memprofile['threadnum']*100/$numthreads;
2198          $thread_percent = round($thread_percent, 2);
2199      }
2200  
2201      if($thread_percent > 100)
2202      {
2203          $thread_percent = 100;
2204      }
2205  
2206      $findposts = $findthreads = '';
2207      if($mybb->usergroup['cansearch'] == 1)
2208      {
2209          if(!empty($memprofile['postnum']))
2210          {
2211              eval("\$findposts = \"".$templates->get("member_profile_findposts")."\";");
2212          }
2213          if(!empty($memprofile['threadnum']))
2214          {
2215              eval("\$findthreads = \"".$templates->get("member_profile_findthreads")."\";");
2216          }
2217      }
2218  
2219      $awaybit = '';
2220      if($memprofile['away'] == 1 && $mybb->settings['allowaway'] != 0)
2221      {
2222          $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']);
2223          $awaydate = my_date($mybb->settings['dateformat'], $memprofile['awaydate']);
2224          if(!empty($memprofile['awayreason']))
2225          {
2226              $reason = $parser->parse_badwords($memprofile['awayreason']);
2227              $awayreason = htmlspecialchars_uni($reason);
2228          }
2229          else
2230          {
2231              $awayreason = $lang->away_no_reason;
2232          }
2233          if($memprofile['returndate'] == '')
2234          {
2235              $returndate = "$lang->unknown";
2236          }
2237          else
2238          {
2239              $returnhome = explode("-", $memprofile['returndate']);
2240  
2241              // PHP native date functions use integers so timestamps for years after 2038 will not work
2242              // Thus we use adodb_mktime
2243              if($returnhome[2] >= 2038)
2244              {
2245                  require_once  MYBB_ROOT."inc/functions_time.php";
2246                  $returnmkdate = adodb_mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]);
2247                  $returndate = my_date($mybb->settings['dateformat'], $returnmkdate, "", 1, true);
2248              }
2249              else
2250              {
2251                  $returnmkdate = mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]);
2252                  $returndate = my_date($mybb->settings['dateformat'], $returnmkdate);
2253              }
2254  
2255              // If our away time has expired already, we should be back, right?
2256              if($returnmkdate < TIME_NOW)
2257              {
2258                  $db->update_query('users', array('away' => '0', 'awaydate' => '0', 'returndate' => '', 'awayreason' => ''), 'uid=\''.(int)$memprofile['uid'].'\'');
2259  
2260                  // Update our status to "not away"
2261                  $memprofile['away'] = 0;
2262              }
2263          }
2264  
2265          // Check if our away status is set to 1, it may have been updated already (see a few lines above)
2266          if($memprofile['away'] == 1)
2267          {
2268              eval("\$awaybit = \"".$templates->get("member_profile_away")."\";");
2269          }
2270      }
2271  
2272      $memprofile['timezone'] = (float)$memprofile['timezone'];
2273  
2274      if($memprofile['dst'] == 1)
2275      {
2276          $memprofile['timezone']++;
2277          if(my_substr($memprofile['timezone'], 0, 1) != "-")
2278          {
2279              $memprofile['timezone'] = "+{$memprofile['timezone']}";
2280          }
2281      }
2282  
2283      $memregdate = my_date($mybb->settings['dateformat'], $memprofile['regdate']);
2284      $memlocaldate = gmdate($mybb->settings['dateformat'], TIME_NOW + ($memprofile['timezone'] * 3600));
2285      $memlocaltime = gmdate($mybb->settings['timeformat'], TIME_NOW + ($memprofile['timezone'] * 3600));
2286  
2287      $localtime = $lang->sprintf($lang->local_time_format, $memlocaldate, $memlocaltime);
2288  
2289      if($memprofile['birthday'])
2290      {
2291          $membday = explode("-", $memprofile['birthday']);
2292  
2293          if($memprofile['birthdayprivacy'] != 'none')
2294          {
2295              if($membday[0] && $membday[1] && $membday[2])
2296              {
2297                  $lang->membdayage = $lang->sprintf($lang->membdayage, get_age($memprofile['birthday']));
2298  
2299                  $bdayformat = fix_mktime($mybb->settings['dateformat'], $membday[2]);
2300                  $membday = mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]);
2301                  $membday = date($bdayformat, $membday);
2302  
2303                  $membdayage = $lang->membdayage;
2304              }
2305              elseif($membday[2])
2306              {
2307                  $membday = mktime(0, 0, 0, 1, 1, $membday[2]);
2308                  $membday = date("Y", $membday);
2309                  $membdayage = '';
2310              }
2311              else
2312              {
2313                  $membday = mktime(0, 0, 0, $membday[1], $membday[0], 0);
2314                  $membday = date("F j", $membday);
2315                  $membdayage = '';
2316              }
2317          }
2318  
2319          if($memprofile['birthdayprivacy'] == 'age')
2320          {
2321              $membday = $lang->birthdayhidden;
2322          }
2323          else if($memprofile['birthdayprivacy'] == 'none')
2324          {
2325              $membday = $lang->birthdayhidden;
2326              $membdayage = '';
2327          }
2328      }
2329      else
2330      {
2331          $membday = $lang->not_specified;
2332          $membdayage = '';
2333      }
2334  
2335      // Get the user title for this user
2336      unset($usertitle);
2337      unset($stars);
2338      $starimage = '';
2339      if(trim($memprofile['usertitle']) != '')
2340      {
2341          // User has custom user title
2342          $usertitle = $memprofile['usertitle'];
2343      }
2344      elseif(trim($memperms['usertitle']) != '')
2345      {
2346          // User has group title
2347          $usertitle = $memperms['usertitle'];
2348      }
2349      else
2350      {
2351          // No usergroup title so get a default one
2352          $usertitles = $cache->read('usertitles');
2353  
2354          if(is_array($usertitles))
2355          {
2356              foreach($usertitles as $title)
2357              {
2358                  if($memprofile['postnum'] >= $title['posts'])
2359                  {
2360                      $usertitle = $title['title'];
2361                      $stars = $title['stars'];
2362                      $starimage = $title['starimage'];
2363  
2364                      break;
2365                  }
2366              }
2367          }
2368      }
2369  
2370      $usertitle = htmlspecialchars_uni($usertitle);
2371  
2372      if($memperms['stars'] || $memperms['usertitle'])
2373      {
2374          // Set the number of stars if display group has constant number of stars
2375          $stars = $memperms['stars'];
2376      }
2377      elseif(!$stars)
2378      {
2379          if(!is_array($usertitles))
2380          {
2381              $usertitles = $cache->read('usertitles');
2382          }
2383  
2384          // This is for cases where the user has a title, but the group has no defined number of stars (use number of stars as per default usergroups)
2385          if(is_array($usertitles))
2386          {
2387              foreach($usertitles as $title)
2388              {
2389                  if($memprofile['postnum'] >= $title['posts'])
2390                  {
2391                      $stars = $title['stars'];
2392                      $starimage = $title['starimage'];
2393                      break;
2394                  }
2395              }
2396          }
2397      }
2398  
2399      $groupimage = '';
2400      if(!empty($memperms['image']))
2401      {
2402          if(!empty($mybb->user['language']))
2403          {
2404              $language = $mybb->user['language'];
2405          }
2406          else
2407          {
2408              $language = $mybb->settings['bblanguage'];
2409          }
2410          $memperms['image'] = str_replace("{lang}", $language, $memperms['image']);
2411          $memperms['image'] = str_replace("{theme}", $theme['imgdir'], $memperms['image']);
2412          eval("\$groupimage = \"".$templates->get("member_profile_groupimage")."\";");
2413      }
2414  
2415      if(empty($starimage))
2416      {
2417          $starimage = $memperms['starimage'];
2418      }
2419  
2420      if(!empty($starimage))
2421      {
2422          // Only display stars if we have an image to use...
2423          $starimage = str_replace("{theme}", $theme['imgdir'], $starimage);
2424          $userstars = '';
2425          for($i = 0; $i < $stars; ++$i)
2426          {
2427              eval("\$userstars .= \"".$templates->get("member_profile_userstar", 1, 0)."\";");
2428          }
2429      }
2430  
2431      // User is currently online and this user has permissions to view the user on the WOL
2432      $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins']*60;
2433      $query = $db->simple_select("sessions", "location,nopermission", "uid='$uid' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1));
2434      $session = $db->fetch_array($query);
2435  
2436      $timeonline = $lang->none_registered;
2437      $memlastvisitdate = $lang->lastvisit_never;
2438      $last_seen = max(array($memprofile['lastactive'], $memprofile['lastvisit']));
2439      if(!empty($last_seen))
2440      {
2441          // We have some stamp here
2442          if($memprofile['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $memprofile['uid'] != $mybb->user['uid'])
2443          {
2444              $memlastvisitdate = $lang->lastvisit_hidden;
2445              $online_status = $timeonline = $lang->timeonline_hidden;
2446          }
2447          else
2448          {
2449              $memlastvisitdate = my_date('relative', $last_seen);
2450  
2451              if($memprofile['timeonline'] > 0)
2452              {
2453                  $timeonline = nice_time($memprofile['timeonline']);
2454              }
2455  
2456              // Online?
2457              if(!empty($session))
2458              {
2459                  // Fetch their current location
2460                  $lang->load("online");
2461                  require_once  MYBB_ROOT."inc/functions_online.php";
2462                  $activity = fetch_wol_activity($session['location'], $session['nopermission']);
2463                  $location = build_friendly_wol_location($activity);
2464                  $location_time = my_date($mybb->settings['timeformat'], $last_seen);
2465  
2466                  eval("\$online_status = \"".$templates->get("member_profile_online")."\";");
2467              }
2468          }
2469      }
2470  
2471      if(!isset($online_status))
2472      {
2473          eval("\$online_status = \"".$templates->get("member_profile_offline")."\";");
2474      }
2475  
2476      // Reset the background colours to keep it inline
2477      $alttrow = 'trow1';
2478  
2479      // Build Referral
2480      $referrals = '';
2481      if($mybb->settings['usereferrals'] == 1)
2482      {
2483          $bg_color = alt_trow();
2484  
2485          $uid = (int) $memprofile['uid'];
2486          $referral_count = $memprofile['referrals'];
2487          if ($referral_count > 0) {
2488              eval("\$memprofile['referrals'] = \"".$templates->get('member_referrals_link')."\";");
2489          }
2490  
2491          eval("\$referrals = \"".$templates->get('member_profile_referrals')."\";");
2492      }
2493  
2494      // Fetch the reputation for this user
2495      $reputation = '';
2496      if($memperms['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
2497      {
2498          $bg_color = alt_trow();
2499          $reputation = get_reputation($memprofile['reputation']);
2500  
2501          // If this user has permission to give reputations show the vote link
2502          $vote_link = '';
2503          if($mybb->usergroup['cangivereputations'] == 1 && $memprofile['uid'] != $mybb->user['uid'] && ($mybb->settings['posrep'] || $mybb->settings['neurep'] || $mybb->settings['negrep']))
2504          {
2505              eval("\$vote_link = \"".$templates->get("member_profile_reputation_vote")."\";");
2506          }
2507  
2508          eval("\$reputation = \"".$templates->get("member_profile_reputation")."\";");
2509      }
2510  
2511      $warning_level = '';
2512      if($mybb->settings['enablewarningsystem'] != 0 && $memperms['canreceivewarnings'] != 0 && ($mybb->usergroup['canwarnusers'] != 0 || ($mybb->user['uid'] == $memprofile['uid'] && $mybb->settings['canviewownwarning'] != 0)))
2513      {
2514          $bg_color = alt_trow();
2515  
2516          if($mybb->settings['maxwarningpoints'] < 1)
2517          {
2518              $mybb->settings['maxwarningpoints'] = 10;
2519          }
2520  
2521          $warning_level = round($memprofile['warningpoints']/$mybb->settings['maxwarningpoints']*100);
2522  
2523          if($warning_level > 100)
2524          {
2525              $warning_level = 100;
2526          }
2527  
2528          $warning_level = get_colored_warning_level($warning_level);
2529          if($mybb->usergroup['canwarnusers'] != 0)
2530          {
2531              eval("\$warn_user = \"".$templates->get("member_profile_warn")."\";");
2532              eval("\$warning_level = \"".$templates->get("member_profile_warninglevel_link")."\";");
2533          }
2534          else
2535          {
2536              eval("\$warning_level = \"".$templates->get("member_profile_warninglevel")."\";");
2537          }
2538      }
2539  
2540      $bgcolor = $alttrow = 'trow1';
2541      $customfields = $profilefields = '';
2542  
2543      $query = $db->simple_select("userfields", "*", "ufid = '{$uid}'");
2544      $userfields = $db->fetch_array($query);
2545  
2546      // If this user is an Administrator or a Moderator then we wish to show all profile fields
2547      $pfcache = $cache->read('profilefields');
2548  
2549      if(is_array($pfcache))
2550      {
2551          foreach($pfcache as $customfield)
2552          {
2553              if($mybb->usergroup['cancp'] != 1 && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['canmodcp'] != 1 && !is_member($customfield['viewableby']) || !$customfield['profile'])
2554              {
2555                  continue;
2556              }
2557  
2558              $thing = explode("\n", $customfield['type'], "2");
2559              $type = trim($thing[0]);
2560  
2561              $customfieldval = $customfield_val = '';
2562              $field = "fid{$customfield['fid']}";
2563  
2564              if(isset($userfields[$field]))
2565              {
2566                  $useropts = explode("\n", $userfields[$field]);
2567                  $customfieldval = $comma = '';
2568                  if(is_array($useropts) && ($type == "multiselect" || $type == "checkbox"))
2569                  {
2570                      foreach($useropts as $val)
2571                      {
2572                          if($val != '')
2573                          {
2574                              eval("\$customfield_val .= \"".$templates->get("member_profile_customfields_field_multi_item")."\";");
2575                          }
2576                      }
2577                      if($customfield_val != '')
2578                      {
2579                          eval("\$customfieldval = \"".$templates->get("member_profile_customfields_field_multi")."\";");
2580                      }
2581                  }
2582                  else
2583                  {
2584                      $parser_options = array(
2585                          "allow_html" => $customfield['allowhtml'],
2586                          "allow_mycode" => $customfield['allowmycode'],
2587                          "allow_smilies" => $customfield['allowsmilies'],
2588                          "allow_imgcode" => $customfield['allowimgcode'],
2589                          "allow_videocode" => $customfield['allowvideocode'],
2590                          #"nofollow_on" => 1,
2591                          "filter_badwords" => 1
2592                      );
2593  
2594                      if($customfield['type'] == "textarea")
2595                      {
2596                          $parser_options['me_username'] = $memprofile['username'];
2597                      }
2598                      else
2599                      {
2600                          $parser_options['nl2br'] = 0;
2601                      }
2602  
2603                      if($mybb->user['uid'] != 0 && $mybb->user['showimages'] != 1 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
2604                      {
2605                          $parser_options['allow_imgcode'] = 0;
2606                      }
2607  
2608                      $customfieldval = $parser->parse_message($userfields[$field], $parser_options);
2609                  }
2610              }
2611  
2612              if($customfieldval)
2613              {
2614                  $customfield['name'] = htmlspecialchars_uni($customfield['name']);
2615                  eval("\$customfields .= \"".$templates->get("member_profile_customfields_field")."\";");
2616                  $bgcolor = alt_trow();
2617              }
2618          }
2619      }
2620  
2621      if($customfields)
2622      {
2623          eval("\$profilefields = \"".$templates->get("member_profile_customfields")."\";");
2624      }
2625  
2626      $memprofile['postnum'] = my_number_format($memprofile['postnum']);
2627      $lang->ppd_percent_total = $lang->sprintf($lang->ppd_percent_total, my_number_format($ppd), $post_percent);
2628  
2629      $memprofile['threadnum'] = my_number_format($memprofile['threadnum']);
2630      $lang->tpd_percent_total = $lang->sprintf($lang->tpd_percent_total, my_number_format($tpd), $thread_percent);
2631  
2632      $formattedname = format_name($memprofile['username'], $memprofile['usergroup'], $memprofile['displaygroup']);
2633  
2634      $bannedbit = '';
2635      if($memperms['isbannedgroup'] == 1 && $mybb->usergroup['canbanusers'] == 1)
2636      {
2637          // Fetch details on their ban
2638          $query = $db->simple_select('banned b LEFT JOIN '.TABLE_PREFIX.'users a ON (b.admin=a.uid)', 'b.*, a.username AS adminuser', "b.uid='{$uid}'", array('limit' => 1));
2639          $memban = $db->fetch_array($query);
2640  
2641          if($memban['reason'])
2642          {
2643              $memban['reason'] = htmlspecialchars_uni($parser->parse_badwords($memban['reason']));
2644          }
2645          else
2646          {
2647              $memban['reason'] = $lang->na;
2648          }
2649  
2650          if($memban['lifted'] == 'perm' || $memban['lifted'] == '' || $memban['bantime'] == 'perm' || $memban['bantime'] == '---')
2651          {
2652              $banlength = $lang->permanent;
2653              $timeremaining = $lang->na;
2654              $banned_class = "normal_banned";
2655          }
2656          else
2657          {
2658              // Set up the array of ban times.
2659              $bantimes = fetch_ban_times();
2660  
2661              $banlength = $bantimes[$memban['bantime']];
2662              $remaining = $memban['lifted']-TIME_NOW;
2663  
2664              $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";
2665  
2666              $banned_class = '';
2667              if($remaining < 3600)
2668              {
2669                  $banned_class = "high_banned";
2670              }
2671              else if($remaining < 86400)
2672              {
2673                  $banned_class = "moderate_banned";
2674              }
2675              else if($remaining < 604800)
2676              {
2677                  $banned_class = "low_banned";
2678              }
2679              else
2680              {
2681                  $banned_class = "normal_banned";
2682              }
2683          }
2684          eval('$timeremaining = "'.$templates->get('member_profile_banned_remaining').'";');
2685  
2686          $memban['adminuser'] = build_profile_link(htmlspecialchars_uni($memban['adminuser']), $memban['admin']);
2687  
2688          // Display a nice warning to the user
2689          eval('$bannedbit = "'.$templates->get('member_profile_banned').'";');
2690      }
2691  
2692      $adminoptions = '';
2693      if($mybb->usergroup['cancp'] == 1 && $mybb->config['hide_admin_links'] != 1)
2694      {
2695          if($memperms['isbannedgroup'] == 1)
2696          {
2697              eval("\$adminoptions = \"".$templates->get("member_profile_adminoptions_manageban")."\";");
2698          }
2699          else
2700          {
2701              eval("\$adminoptions = \"".$templates->get("member_profile_adminoptions")."\";");
2702          }
2703      }
2704  
2705      $modoptions = $viewnotes = $editnotes = $editprofile = $banuser = $manageban = $manageuser = '';
2706      $can_purge_spammer = purgespammer_show($memprofile['postnum'], $memprofile['usergroup'], $memprofile['uid']);
2707      if($mybb->usergroup['canmodcp'] == 1 || $can_purge_spammer)
2708      {
2709          if($mybb->usergroup['canuseipsearch'] == 1)
2710          {
2711              $memprofile['regip'] = my_inet_ntop($db->unescape_binary($memprofile['regip']));
2712              $memprofile['lastip'] = my_inet_ntop($db->unescape_binary($memprofile['lastip']));
2713  
2714              eval("\$ipaddress = \"".$templates->get("member_profile_modoptions_ipaddress")."\";");
2715          }
2716  
2717          $memprofile['usernotes'] = nl2br(htmlspecialchars_uni($memprofile['usernotes']));
2718  
2719          if(!empty($memprofile['usernotes']))
2720          {
2721              if(strlen($memprofile['usernotes']) > 100)
2722              {
2723                  eval("\$viewnotes = \"".$templates->get("member_profile_modoptions_viewnotes")."\";");
2724                  $memprofile['usernotes'] = my_substr($memprofile['usernotes'], 0, 100)."... {$viewnotes}";
2725              }
2726          }
2727          else
2728          {
2729              $memprofile['usernotes'] = $lang->no_usernotes;
2730          }
2731  
2732          if($mybb->usergroup['caneditprofiles'] == 1 && modcp_can_manage_user($memprofile['uid']))
2733          {
2734              if(modcp_can_manage_user($memprofile['uid']))
2735              {
2736                  eval("\$editprofile = \"".$templates->get("member_profile_modoptions_editprofile")."\";");
2737                  eval("\$editnotes = \"".$templates->get("member_profile_modoptions_editnotes")."\";");
2738          
2739              }
2740          }
2741  
2742          if($memperms['isbannedgroup'] == 1 && $mybb->usergroup['canbanusers'] == 1 && modcp_can_manage_user($memprofile['uid']))
2743          {
2744              eval("\$manageban = \"".$templates->get("member_profile_modoptions_manageban")."\";");
2745          }
2746          elseif(modcp_can_manage_user($memprofile['uid']) && $mybb->usergroup['canbanusers'] == 1)
2747          {
2748              if(modcp_can_manage_user($memprofile['uid']) && $mybb->usergroup['canbanusers'] == 1)
2749              {
2750                  eval("\$banuser = \"".$templates->get("member_profile_modoptions_banuser")."\";");
2751              }
2752          }
2753  
2754          $purgespammer = '';
2755          if($can_purge_spammer)
2756          {
2757              eval("\$purgespammer = \"".$templates->get('member_profile_modoptions_purgespammer')."\";");
2758          }
2759  
2760          if(!empty($editprofile) || !empty($banuser) || !empty($manageban) || !empty($purgespammer))
2761          {
2762              eval("\$manageuser = \"".$templates->get("member_profile_modoptions_manageuser")."\";");
2763          }
2764  
2765          eval("\$modoptions = \"".$templates->get("member_profile_modoptions")."\";");
2766      }
2767  
2768      $add_remove_options = array();
2769      $buddy_options = $ignore_options = $report_options = '';
2770      if($mybb->user['uid'] != $memprofile['uid'] && $mybb->user['uid'] != 0)
2771      {
2772          $buddy_list = explode(',', $mybb->user['buddylist']);
2773          $ignore_list = explode(',', $mybb->user['ignorelist']);
2774  
2775          if(in_array($uid, $buddy_list))
2776          {
2777              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;delete={$uid}&amp;my_post_key={$mybb->post_code}", 'class' => 'remove_buddy_button', 'lang' => $lang->remove_from_buddy_list);
2778          }
2779          else
2780          {
2781              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;add_username=".urlencode($memprofile['username'])."&amp;my_post_key={$mybb->post_code}", 'class' => 'add_buddy_button', 'lang' => $lang->add_to_buddy_list);
2782          }
2783  
2784          if(!in_array($uid, $ignore_list))
2785          {
2786              eval("\$buddy_options = \"".$templates->get("member_profile_addremove")."\";"); // Add/Remove Buddy
2787          }
2788  
2789          if(in_array($uid, $ignore_list))
2790          {
2791              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;manage=ignored&amp;delete={$uid}&amp;my_post_key={$mybb->post_code}", 'class' => 'remove_ignore_button', 'lang' => $lang->remove_from_ignore_list);
2792          }
2793          else
2794          {
2795              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;manage=ignored&amp;add_username=".urlencode($memprofile['username'])."&amp;my_post_key={$mybb->post_code}", 'class' => 'add_ignore_button', 'lang' => $lang->add_to_ignore_list);
2796          }
2797  
2798          if(!in_array($uid, $buddy_list))
2799          {
2800              eval("\$ignore_options = \"".$templates->get("member_profile_addremove")."\";"); // Add/Remove Ignore
2801          }
2802  
2803          if(isset($memperms['canbereported']) && $memperms['canbereported'] == 1)
2804          {
2805              $reportable = true;
2806              $query = $db->simple_select("reportedcontent", "reporters", "reportstatus != '1' AND id = '{$memprofile['uid']}' AND type = 'profile'");
2807              if($db->num_rows($query))
2808              {
2809                  $report = $db->fetch_array($query);
2810                  $report['reporters'] = my_unserialize($report['reporters']);
2811                  if(is_array($report['reporters']) && in_array($mybb->user['uid'], $report['reporters']))
2812                  {
2813                      $reportable = false;
2814                  }
2815              }
2816              if($reportable)
2817              {
2818                  $add_remove_options = array('url' => "javascript:Report.reportUser({$memprofile['uid']});", 'class' => 'report_user_button', 'lang' => $lang->report_user);
2819                  eval("\$report_options = \"".$templates->get("member_profile_addremove")."\";"); // Report User
2820              }
2821          }
2822      }
2823  
2824      $plugins->run_hooks("member_profile_end");
2825  
2826      eval("\$profile = \"".$templates->get("member_profile")."\";");
2827      output_page($profile);
2828  }
2829  
2830  if($mybb->input['action'] == "do_emailuser" && $mybb->request_method == "post")
2831  {
2832      // Verify incoming POST request
2833      verify_post_check($mybb->get_input('my_post_key'));
2834  
2835      $plugins->run_hooks("member_do_emailuser_start");
2836  
2837      // Guests or those without permission can't email other users
2838      if($mybb->usergroup['cansendemail'] == 0)
2839      {
2840          error_no_permission();
2841      }
2842  
2843      // Check group limits
2844      if($mybb->usergroup['maxemails'] > 0)
2845      {
2846          if($mybb->user['uid'] > 0)
2847          {
2848              $user_check = "fromuid='{$mybb->user['uid']}'";
2849          }
2850          else
2851          {
2852              $user_check = "ipaddress=".$db->escape_binary($session->packedip);
2853          }
2854  
2855          $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '".(TIME_NOW - (60*60*24))."'");
2856          $sent_count = $db->fetch_field($query, "sent_count");
2857          if($sent_count >= $mybb->usergroup['maxemails'])
2858          {
2859              $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
2860              error($lang->error_max_emails_day);
2861          }
2862      }
2863  
2864      // Check email flood control
2865      if($mybb->usergroup['emailfloodtime'] > 0)
2866      {
2867          if($mybb->user['uid'] > 0)
2868          {
2869              $user_check = "fromuid='{$mybb->user['uid']}'";
2870          }
2871          else
2872          {
2873              $user_check = "ipaddress=".$db->escape_binary($session->packedip);
2874          }
2875  
2876          $timecut = TIME_NOW-$mybb->usergroup['emailfloodtime']*60;
2877  
2878          $query = $db->simple_select("maillogs", "mid, dateline", "{$user_check} AND dateline > '{$timecut}'", array('order_by' => "dateline", 'order_dir' => "DESC"));
2879          $last_email = $db->fetch_array($query);
2880  
2881          // Users last email was within the flood time, show the error
2882          if($last_email['mid'])
2883          {
2884              $remaining_time = ($mybb->usergroup['emailfloodtime']*60)-(TIME_NOW-$last_email['dateline']);
2885  
2886              if($remaining_time == 1)
2887              {
2888                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_second, $mybb->usergroup['emailfloodtime']);
2889              }
2890              elseif($remaining_time < 60)
2891              {
2892                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_seconds, $mybb->usergroup['emailfloodtime'], $remaining_time);
2893              }
2894              elseif($remaining_time > 60 && $remaining_time < 120)
2895              {
2896                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_minute, $mybb->usergroup['emailfloodtime']);
2897              }
2898              else
2899              {
2900                  $remaining_time_minutes = ceil($remaining_time/60);
2901                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes);
2902              }
2903  
2904              error($lang->error_emailflooding);
2905          }
2906      }
2907  
2908      $query = $db->simple_select("users", "uid, username, email, hideemail", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
2909      $to_user = $db->fetch_array($query);
2910  
2911      if(!$to_user['username'])
2912      {
2913          error($lang->error_invalidusername);
2914      }
2915  
2916      if($to_user['hideemail'] != 0)
2917      {
2918          error($lang->error_hideemail);
2919      }
2920  
2921      $errors = array();
2922  
2923      if($mybb->user['uid'])
2924      {
2925          $mybb->input['fromemail'] = $mybb->user['email'];
2926          $mybb->input['fromname'] = $mybb->user['username'];
2927      }
2928  
2929      if(!validate_email_format($mybb->input['fromemail']))
2930      {
2931          $errors[] = $lang->error_invalidfromemail;
2932      }
2933  
2934      if(empty($mybb->input['fromname']))
2935      {
2936          $errors[] = $lang->error_noname;
2937      }
2938  
2939      if(empty($mybb->input['subject']))
2940      {
2941          $errors[] = $lang->error_no_email_subject;
2942      }
2943  
2944      if(empty($mybb->input['message']))
2945      {
2946          $errors[] = $lang->error_no_email_message;
2947      }
2948  
2949      if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0)
2950      {
2951          require_once  MYBB_ROOT.'inc/class_captcha.php';
2952          $captcha = new captcha;
2953  
2954          if($captcha->validate_captcha() == false)
2955          {
2956              // CAPTCHA validation failed
2957              foreach($captcha->get_errors() as $error)
2958              {
2959                  $errors[] = $error;
2960              }
2961          }
2962      }
2963  
2964      if(count($errors) == 0)
2965      {
2966          if($mybb->settings['mail_handler'] == 'smtp')
2967          {
2968              $from = $mybb->input['fromemail'];
2969          }
2970          else
2971          {
2972              $from = "{$mybb->input['fromname']} <{$mybb->input['fromemail']}>";
2973          }
2974  
2975          $message = $lang->sprintf($lang->email_emailuser, $to_user['username'], $mybb->input['fromname'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->get_input('message'));
2976          my_mail($to_user['email'], $mybb->get_input('subject'), $message, '', '', '', false, 'text', '', $from);
2977  
2978          if($mybb->settings['mail_logging'] > 0)
2979          {
2980              // Log the message
2981              $log_entry = array(
2982                  "subject" => $db->escape_string($mybb->get_input('subject')),
2983                  "message" => $db->escape_string($mybb->get_input('message')),
2984                  "dateline" => TIME_NOW,
2985                  "fromuid" => $mybb->user['uid'],
2986                  "fromemail" => $db->escape_string($mybb->input['fromemail']),
2987                  "touid" => $to_user['uid'],
2988                  "toemail" => $db->escape_string($to_user['email']),
2989                  "tid" => 0,
2990                  "ipaddress" => $db->escape_binary($session->packedip),
2991                  "type" => 1
2992              );
2993              $db->insert_query("maillogs", $log_entry);
2994          }
2995  
2996          $plugins->run_hooks("member_do_emailuser_end");
2997  
2998          redirect(get_profile_link($to_user['uid']), $lang->redirect_emailsent);
2999      }
3000      else
3001      {
3002          $mybb->input['action'] = "emailuser";
3003      }
3004  }
3005  
3006  if($mybb->input['action'] == "emailuser")
3007  {
3008      $plugins->run_hooks("member_emailuser_start");
3009  
3010      // Guests or those without permission can't email other users
3011      if($mybb->usergroup['cansendemail'] == 0)
3012      {
3013          error_no_permission();
3014      }
3015  
3016      // Check group limits
3017      if($mybb->usergroup['maxemails'] > 0)
3018      {
3019          if($mybb->user['uid'] > 0)
3020          {
3021              $user_check = "fromuid='{$mybb->user['uid']}'";
3022          }
3023          else
3024          {
3025              $user_check = "ipaddress=".$db->escape_binary($session->packedip);
3026          }
3027  
3028          $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '".(TIME_NOW - (60*60*24))."'");
3029          $sent_count = $db->fetch_field($query, "sent_count");
3030          if($sent_count >= $mybb->usergroup['maxemails'])
3031          {
3032              $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
3033              error($lang->error_max_emails_day);
3034          }
3035      }
3036  
3037      // Check email flood control
3038      if($mybb->usergroup['emailfloodtime'] > 0)
3039      {
3040          if($mybb->user['uid'] > 0)
3041          {
3042              $user_check = "fromuid='{$mybb->user['uid']}'";
3043          }
3044          else
3045          {
3046              $user_check = "ipaddress=".$db->escape_binary($session->packedip);
3047          }
3048  
3049          $timecut = TIME_NOW-$mybb->usergroup['emailfloodtime']*60;
3050  
3051          $query = $db->simple_select("maillogs", "mid, dateline", "{$user_check} AND dateline > '{$timecut}'", array('order_by' => "dateline", 'order_dir' => "DESC"));
3052          $last_email = $db->fetch_array($query);
3053  
3054          // Users last email was within the flood time, show the error
3055          if($last_email['mid'])
3056          {
3057              $remaining_time = ($mybb->usergroup['emailfloodtime']*60)-(TIME_NOW-$last_email['dateline']);
3058  
3059              if($remaining_time == 1)
3060              {
3061                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_second, $mybb->usergroup['emailfloodtime']);
3062              }
3063              elseif($remaining_time < 60)
3064              {
3065                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_seconds, $mybb->usergroup['emailfloodtime'], $remaining_time);
3066              }
3067              elseif($remaining_time > 60 && $remaining_time < 120)
3068              {
3069                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_minute, $mybb->usergroup['emailfloodtime']);
3070              }
3071              else
3072              {
3073                  $remaining_time_minutes = ceil($remaining_time/60);
3074                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes);
3075              }
3076  
3077              error($lang->error_emailflooding);
3078          }
3079      }
3080  
3081      $query = $db->simple_select("users", "uid, username, email, hideemail, ignorelist", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
3082      $to_user = $db->fetch_array($query);
3083  
3084      $to_user['username'] = htmlspecialchars_uni($to_user['username']);
3085      $lang->email_user = $lang->sprintf($lang->email_user, $to_user['username']);
3086  
3087      if(!$to_user['uid'])
3088      {
3089          error($lang->error_invaliduser);
3090      }
3091  
3092      if($to_user['hideemail'] != 0)
3093      {
3094          error($lang->error_hideemail);
3095      }
3096  
3097      if($to_user['ignorelist'] && (my_strpos(",".$to_user['ignorelist'].",", ",".$mybb->user['uid'].",") !== false && $mybb->usergroup['cansendemailoverride'] != 1))
3098      {
3099          error_no_permission();
3100      }
3101  
3102      if(isset($errors) && count($errors) > 0)
3103      {
3104          $errors = inline_error($errors);
3105          $fromname = htmlspecialchars_uni($mybb->get_input('fromname'));
3106          $fromemail = htmlspecialchars_uni($mybb->get_input('fromemail'));
3107          $subject = htmlspecialchars_uni($mybb->get_input('subject'));
3108          $message = htmlspecialchars_uni($mybb->get_input('message'));
3109      }
3110      else
3111      {
3112          $errors = '';
3113          $fromname = '';
3114          $fromemail = '';
3115          $subject = '';
3116          $message = '';
3117      }
3118  
3119      // Generate CAPTCHA?
3120      if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0)
3121      {
3122          require_once  MYBB_ROOT.'inc/class_captcha.php';
3123          $post_captcha = new captcha(true, "post_captcha");
3124  
3125          if($post_captcha->html)
3126          {
3127              $captcha = $post_captcha->html;
3128          }
3129      }
3130      else
3131      {
3132          $captcha = '';
3133      }
3134  
3135      $from_email = '';
3136      if($mybb->user['uid'] == 0)
3137      {
3138          eval("\$from_email = \"".$templates->get("member_emailuser_guest")."\";");
3139      }
3140  
3141      $plugins->run_hooks("member_emailuser_end");
3142  
3143      eval("\$emailuser = \"".$templates->get("member_emailuser")."\";");
3144      output_page($emailuser);
3145  }
3146  
3147  if($mybb->input['action'] == 'referrals')
3148  {
3149      $plugins->run_hooks('member_referrals_start');
3150  
3151      $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
3152      if(!$uid)
3153      {
3154          error($lang->referrals_no_user_specified);
3155      }
3156  
3157      $user = get_user($uid);
3158      if(!$user['$uid'])
3159      {
3160          error($lang->referrals_invalid_user);
3161      }
3162  
3163      $lang->nav_referrals = $lang->sprintf($lang->nav_referrals, $user['username']);
3164      add_breadcrumb($lang->nav_referrals);
3165  
3166      $query = $db->simple_select('users', 'COUNT(uid) AS total', "referrer='{$uid}'");
3167      $referral_count = $db->fetch_field($query, 'total');
3168  
3169      $bg_color = 'trow1';
3170  
3171      if($referral_count == 0)
3172      {
3173          eval("\$referral_rows = \"".$templates->get('member_no_referrals')."\";");
3174      }
3175      else
3176      {
3177          // Figure out if we need to display multiple pages.
3178          $perpage = 20;
3179          if ((int) $mybb->settings['referralsperpage']) {
3180              $perpage = (int) $mybb->settings['referralsperpage'];
3181          }
3182  
3183          $page = 1;
3184          if($mybb->get_input('page', MyBB::INPUT_INT))
3185          {
3186              $page = $mybb->get_input('page', MyBB::INPUT_INT);
3187          }
3188  
3189          $pages = ceil($referral_count / $perpage);
3190  
3191          if($page > $pages || $page <= 0)
3192          {
3193              $page = 1;
3194          }
3195  
3196          if($page)
3197          {
3198              $start = ($page-1) * $perpage;
3199          }
3200          else
3201          {
3202              $start = 0;
3203              $page = 1;
3204          }
3205  
3206          $multipage = multipage($referral_count, $perpage, $page, "member.php?action=referrals&amp;uid={$uid}");
3207  
3208          foreach(get_user_referrals($uid, $start, $perpage) as $referral)
3209          {
3210              // Format user name link
3211              $username = htmlspecialchars_uni($referral['username']);
3212              $username = format_name($username, $referral['usergroup'], $referral['displaygroup']);
3213              $username = build_profile_link($username, $referral['uid']);
3214  
3215              $regdate = my_date('normal', $referral['regdate']);
3216  
3217              eval("\$referral_rows .= \"".$templates->get('member_referral_row')."\";");
3218  
3219              $bg_color = alt_trow();
3220          }
3221      }
3222  
3223      $plugins->run_hooks('member_referrals_end');
3224  
3225      eval("\$referrals = \"".$templates->get("member_referrals")."\";");
3226      output_page($referrals);
3227  }
3228  
3229  if(!$mybb->input['action'])
3230  {
3231      header("Location: index.php");
3232  }


2005 - 2021 © MyBB.de | Alle Rechte vorbehalten! | Sponsor: netcup Cross-referenced by PHPXref