| [ Index ] |
PHP Cross Reference of MyBB 1.8.40 |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * MyBB 1.8 4 * Copyright 2014 MyBB Group, All Rights Reserved 5 * 6 * Website: http://www.mybb.com 7 * License: http://www.mybb.com/about/license 8 * 9 */ 10 11 define("IN_MYBB", 1); 12 define("IGNORE_CLEAN_VARS", "sid"); 13 define('THIS_SCRIPT', 'member.php'); 14 define("ALLOWABLE_PAGE", "register,do_register,login,do_login,logout,lostpw,do_lostpw,activate,resendactivation,do_resendactivation,resetpassword,viewnotes"); 15 16 $nosession['avatar'] = 1; 17 18 $templatelist = "member_register,member_register_hiddencaptcha,member_register_coppa,member_register_agreement_coppa,member_register_agreement,member_register_customfield,member_register_requiredfields,member_profile_findthreads"; 19 $templatelist .= ",member_loggedin_notice,member_profile_away,member_register_regimage,member_register_regimage_recaptcha_invisible,member_register_regimage_nocaptcha,post_captcha_cfturnstile,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_captcha_hidden,post_captcha,member_register_referrer"; 20 $templatelist .= ",member_profile_email,member_profile_offline,member_profile_reputation,member_profile_warn,member_profile_warninglevel,member_profile_warninglevel_link,member_profile_customfields_field,member_profile_customfields,member_profile_adminoptions_manageban,member_profile_adminoptions,member_profile"; 21 $templatelist .= ",member_profile_signature,member_profile_avatar,member_profile_groupimage,member_referrals_link,member_profile_referrals,member_profile_website,member_profile_reputation_vote,member_activate,member_lostpw,member_register_additionalfields"; 22 $templatelist .= ",member_profile_modoptions_manageuser,member_profile_modoptions_editprofile,member_profile_modoptions_banuser,member_profile_modoptions_viewnotes,member_profile_modoptions_editnotes,member_profile_modoptions_purgespammer"; 23 $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,member_viewnotes"; 24 $templatelist .= ",member_register_question,member_register_question_refresh,usercp_options_timezone,usercp_options_timezone_option,usercp_options_language_option,member_profile_customfields_field_multi_item,member_profile_customfields_field_multi"; 25 $templatelist .= ",member_profile_pm,member_profile_contact_details,member_profile_modoptions_manageban"; 26 $templatelist .= ",member_profile_banned_remaining,member_profile_addremove,member_emailuser_guest,member_register_day,usercp_options_tppselect_option,postbit_warninglevel_formatted,member_profile_userstar,member_profile_findposts"; 27 $templatelist .= ",usercp_options_tppselect,usercp_options_pppselect,member_resetpassword,member_login,member_profile_online,usercp_options_pppselect_option,postbit_reputation_formatted,member_emailuser,usercp_profile_profilefields_text"; 28 $templatelist .= ",member_profile_modoptions_ipaddress,member_profile_modoptions,member_profile_banned,member_register_language,member_resendactivation,usercp_profile_profilefields_checkbox,member_register_password,member_coppa_form"; 29 30 require_once "./global.php"; 31 require_once MYBB_ROOT."inc/functions_post.php"; 32 require_once MYBB_ROOT."inc/functions_user.php"; 33 require_once MYBB_ROOT."inc/class_parser.php"; 34 require_once MYBB_ROOT."inc/functions_modcp.php"; 35 $parser = new postParser; 36 37 // Load global language phrases 38 $lang->load("member"); 39 40 $mybb->input['action'] = $mybb->get_input('action'); 41 42 // Make navigation 43 switch($mybb->input['action']) 44 { 45 case "register": 46 case "do_register": 47 add_breadcrumb($lang->nav_register); 48 break; 49 case "activate": 50 add_breadcrumb($lang->nav_activate); 51 break; 52 case "resendactivation": 53 add_breadcrumb($lang->nav_resendactivation); 54 break; 55 case "lostpw": 56 add_breadcrumb($lang->nav_lostpw); 57 break; 58 case "resetpassword": 59 add_breadcrumb($lang->nav_resetpassword); 60 break; 61 case "login": 62 add_breadcrumb($lang->nav_login); 63 break; 64 case "emailuser": 65 add_breadcrumb($lang->nav_emailuser); 66 break; 67 } 68 69 if(($mybb->input['action'] == "register" || $mybb->input['action'] == "do_register") && $mybb->usergroup['cancp'] != 1) 70 { 71 if($mybb->settings['disableregs'] == 1) 72 { 73 error($lang->registrations_disabled); 74 } 75 if($mybb->user['uid'] != 0) 76 { 77 error($lang->error_alreadyregistered); 78 } 79 if($mybb->settings['betweenregstime'] && $mybb->settings['maxregsbetweentime']) 80 { 81 $time = TIME_NOW; 82 $datecut = $time-(60*60*$mybb->settings['betweenregstime']); 83 $query = $db->simple_select("users", "*", "regip=".$db->escape_binary($session->packedip)." AND regdate > '$datecut'"); 84 $regcount = $db->num_rows($query); 85 if($regcount >= $mybb->settings['maxregsbetweentime']) 86 { 87 $lang->error_alreadyregisteredtime = $lang->sprintf($lang->error_alreadyregisteredtime, $regcount, $mybb->settings['betweenregstime']); 88 error($lang->error_alreadyregisteredtime); 89 } 90 } 91 } 92 93 $fromreg = 0; 94 if($mybb->input['action'] == "do_register" && $mybb->request_method == "post") 95 { 96 $plugins->run_hooks("member_do_register_start"); 97 98 // Are checking how long it takes for users to register? 99 if($mybb->settings['regtime'] > 0) 100 { 101 // Is the field actually set? 102 if(isset($mybb->input['regtime'])) 103 { 104 // Check how long it took for this person to register 105 $timetook = TIME_NOW - $mybb->get_input('regtime', MyBB::INPUT_INT); 106 107 // See if they registered faster than normal 108 if($timetook < $mybb->settings['regtime']) 109 { 110 // This user registered pretty quickly, bot detected! 111 $lang->error_spam_deny_time = $lang->sprintf($lang->error_spam_deny_time, $mybb->settings['regtime'], $timetook); 112 error($lang->error_spam_deny_time); 113 } 114 } 115 else 116 { 117 error($lang->error_spam_deny); 118 } 119 } 120 121 // If we have hidden CATPCHA enabled and it's filled, deny registration 122 if($mybb->settings['hiddencaptchaimage']) 123 { 124 $string = $mybb->settings['hiddencaptchaimagefield']; 125 126 if(!empty($mybb->input[$string])) 127 { 128 error($lang->error_spam_deny); 129 } 130 } 131 132 if($mybb->settings['regtype'] == "randompass") 133 { 134 135 $password_length = (int)$mybb->settings['minpasswordlength']; 136 if($password_length < 8) 137 { 138 $password_length = min(8, (int)$mybb->settings['maxpasswordlength']); 139 } 140 141 $mybb->input['password'] = random_str($password_length, $mybb->settings['requirecomplexpasswords']); 142 $mybb->input['password2'] = $mybb->input['password']; 143 } 144 145 if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->settings['regtype'] == "both" || $mybb->get_input('coppa', MyBB::INPUT_INT) == 1) 146 { 147 $usergroup = 5; 148 } 149 else 150 { 151 $usergroup = 2; 152 } 153 154 // Set up user handler. 155 require_once MYBB_ROOT."inc/datahandlers/user.php"; 156 $userhandler = new UserDataHandler("insert"); 157 158 $coppauser = 0; 159 if(isset($mybb->cookies['coppauser'])) 160 { 161 $coppauser = (int)$mybb->cookies['coppauser']; 162 } 163 164 // Set the data for the new user. 165 $user = array( 166 "username" => $mybb->get_input('username'), 167 "password" => $mybb->get_input('password'), 168 "password2" => $mybb->get_input('password2'), 169 "email" => $mybb->get_input('email'), 170 "email2" => $mybb->get_input('email2'), 171 "usergroup" => $usergroup, 172 "referrer" => $mybb->get_input('referrername'), 173 "timezone" => $mybb->get_input('timezoneoffset'), 174 "language" => $mybb->get_input('language'), 175 "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY), 176 "regip" => $session->packedip, 177 "coppa_user" => $coppauser, 178 "regcheck1" => $mybb->get_input('regcheck1'), 179 "regcheck2" => $mybb->get_input('regcheck2'), 180 "registration" => true 181 ); 182 183 // Do we have a saved COPPA DOB? 184 if(isset($mybb->cookies['coppadob'])) 185 { 186 list($dob_day, $dob_month, $dob_year) = explode("-", $mybb->cookies['coppadob']); 187 $user['birthday'] = array( 188 "day" => $dob_day, 189 "month" => $dob_month, 190 "year" => $dob_year 191 ); 192 } 193 194 $user['options'] = array( 195 "allownotices" => $mybb->get_input('allownotices', MyBB::INPUT_INT), 196 "hideemail" => $mybb->get_input('hideemail', MyBB::INPUT_INT), 197 "subscriptionmethod" => $mybb->get_input('subscriptionmethod', MyBB::INPUT_INT), 198 "receivepms" => $mybb->get_input('receivepms', MyBB::INPUT_INT), 199 "pmnotice" => $mybb->get_input('pmnotice', MyBB::INPUT_INT), 200 "pmnotify" => $mybb->get_input('pmnotify', MyBB::INPUT_INT), 201 "invisible" => $mybb->get_input('invisible', MyBB::INPUT_INT), 202 "dstcorrection" => $mybb->get_input('dstcorrection') 203 ); 204 205 $userhandler->set_data($user); 206 207 $errors = array(); 208 209 if(!$userhandler->validate_user()) 210 { 211 $errors = $userhandler->get_friendly_errors(); 212 } 213 214 if($mybb->settings['enablestopforumspam_on_register']) 215 { 216 require_once MYBB_ROOT . '/inc/class_stopforumspamchecker.php'; 217 218 $stop_forum_spam_checker = new StopForumSpamChecker( 219 $plugins, 220 $mybb->settings['stopforumspam_min_weighting_before_spam'], 221 $mybb->settings['stopforumspam_check_usernames'], 222 $mybb->settings['stopforumspam_check_emails'], 223 $mybb->settings['stopforumspam_check_ips'], 224 $mybb->settings['stopforumspam_log_blocks'] 225 ); 226 227 try { 228 if($stop_forum_spam_checker->is_user_a_spammer($user['username'], $user['email'], get_ip())) 229 { 230 error($lang->sprintf($lang->error_stop_forum_spam_spammer, 231 $stop_forum_spam_checker->getErrorText(array( 232 'stopforumspam_check_usernames', 233 'stopforumspam_check_emails', 234 'stopforumspam_check_ips' 235 )))); 236 } 237 } 238 catch (Exception $e) 239 { 240 if($mybb->settings['stopforumspam_block_on_error']) 241 { 242 error($lang->error_stop_forum_spam_fetching); 243 } 244 } 245 } 246 247 if($mybb->settings['captchaimage']) 248 { 249 require_once MYBB_ROOT.'inc/class_captcha.php'; 250 $captcha = new captcha; 251 252 if($captcha->validate_captcha() == false) 253 { 254 // CAPTCHA validation failed 255 foreach($captcha->get_errors() as $error) 256 { 257 $errors[] = $error; 258 } 259 } 260 } 261 262 // If we have a security question, check to see if answer is correct 263 if($mybb->settings['securityquestion']) 264 { 265 $question_id = $db->escape_string($mybb->get_input('question_id')); 266 $answer = $db->escape_string($mybb->get_input('answer')); 267 268 $query = $db->query(" 269 SELECT q.*, s.sid 270 FROM ".TABLE_PREFIX."questionsessions s 271 LEFT JOIN ".TABLE_PREFIX."questions q ON (q.qid=s.qid) 272 WHERE q.active='1' AND s.sid='{$question_id}' 273 "); 274 if($db->num_rows($query) > 0) 275 { 276 $question = $db->fetch_array($query); 277 $valid_answers = explode("\n", $question['answer']); 278 $validated = 0; 279 280 foreach($valid_answers as $answers) 281 { 282 if(my_strtolower($answers) == my_strtolower($answer)) 283 { 284 $validated = 1; 285 } 286 } 287 288 if($validated != 1) 289 { 290 $update_question = array( 291 "incorrect" => $question['incorrect'] + 1 292 ); 293 $db->update_query("questions", $update_question, "qid='{$question['qid']}'"); 294 295 $errors[] = $lang->error_question_wrong; 296 } 297 else 298 { 299 $update_question = array( 300 "correct" => $question['correct'] + 1 301 ); 302 $db->update_query("questions", $update_question, "qid='{$question['qid']}'"); 303 } 304 305 $db->delete_query("questionsessions", "sid='{$question_id}'"); 306 } 307 else 308 { 309 $errors[] = $lang->error_question_wrong; 310 } 311 } 312 313 $regerrors = ''; 314 if(!empty($errors)) 315 { 316 $username = htmlspecialchars_uni($mybb->get_input('username')); 317 $email = htmlspecialchars_uni($mybb->get_input('email')); 318 $email2 = htmlspecialchars_uni($mybb->get_input('email2')); 319 $referrername = htmlspecialchars_uni($mybb->get_input('referrername')); 320 321 $allownoticescheck = $hideemailcheck = $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = ''; 322 $receivepmscheck = $pmnoticecheck = $pmnotifycheck = $invisiblecheck = $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = ''; 323 324 if($mybb->get_input('allownotices', MyBB::INPUT_INT) == 1) 325 { 326 $allownoticescheck = "checked=\"checked\""; 327 } 328 329 if($mybb->get_input('hideemail', MyBB::INPUT_INT) == 1) 330 { 331 $hideemailcheck = "checked=\"checked\""; 332 } 333 334 if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 1) 335 { 336 $no_subscribe_selected = "selected=\"selected\""; 337 } 338 else if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 2) 339 { 340 $instant_email_subscribe_selected = "selected=\"selected\""; 341 } 342 else if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 3) 343 { 344 $instant_pm_subscribe_selected = "selected=\"selected\""; 345 } 346 else 347 { 348 $no_auto_subscribe_selected = "selected=\"selected\""; 349 } 350 351 if($mybb->get_input('receivepms', MyBB::INPUT_INT) == 1) 352 { 353 $receivepmscheck = "checked=\"checked\""; 354 } 355 356 if($mybb->get_input('pmnotice', MyBB::INPUT_INT) == 1) 357 { 358 $pmnoticecheck = " checked=\"checked\""; 359 } 360 361 if($mybb->get_input('pmnotify', MyBB::INPUT_INT) == 1) 362 { 363 $pmnotifycheck = "checked=\"checked\""; 364 } 365 366 if($mybb->get_input('invisible', MyBB::INPUT_INT) == 1) 367 { 368 $invisiblecheck = "checked=\"checked\""; 369 } 370 371 if($mybb->get_input('dstcorrection', MyBB::INPUT_INT) == 2) 372 { 373 $dst_auto_selected = "selected=\"selected\""; 374 } 375 else if($mybb->get_input('dstcorrection', MyBB::INPUT_INT) == 1) 376 { 377 $dst_enabled_selected = "selected=\"selected\""; 378 } 379 else 380 { 381 $dst_disabled_selected = "selected=\"selected\""; 382 } 383 384 $regerrors = inline_error($errors); 385 $mybb->input['action'] = "register"; 386 $fromreg = 1; 387 } 388 else 389 { 390 $user_info = $userhandler->insert_user(); 391 392 // Invalidate solved captcha 393 if($mybb->settings['captchaimage']) 394 { 395 $captcha->invalidate_captcha(); 396 } 397 398 if($mybb->settings['regtype'] != "randompass" && empty($mybb->cookies['coppauser'])) 399 { 400 // Log them in 401 my_setcookie("mybbuser", $user_info['uid']."_".$user_info['loginkey'], null, true, "lax"); 402 } 403 404 if(!empty($mybb->cookies['coppauser'])) 405 { 406 $lang->redirect_registered_coppa_activate = $lang->sprintf($lang->redirect_registered_coppa_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username'])); 407 my_unsetcookie("coppauser"); 408 my_unsetcookie("coppadob"); 409 $plugins->run_hooks("member_do_register_end"); 410 error($lang->redirect_registered_coppa_activate); 411 } 412 else if($mybb->settings['regtype'] == "verify") 413 { 414 $activationcode = random_str(); 415 $now = TIME_NOW; 416 $activationarray = array( 417 "uid" => $user_info['uid'], 418 "dateline" => TIME_NOW, 419 "code" => $activationcode, 420 "type" => "r" 421 ); 422 $db->insert_query("awaitingactivation", $activationarray); 423 $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']); 424 switch($mybb->settings['username_method']) 425 { 426 case 0: 427 $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode); 428 break; 429 case 1: 430 $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode); 431 break; 432 case 2: 433 $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode); 434 break; 435 default: 436 $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode); 437 break; 438 } 439 my_mail($user_info['email'], $emailsubject, $emailmessage); 440 441 $lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username'])); 442 443 $plugins->run_hooks("member_do_register_end"); 444 445 error($lang->redirect_registered_activation); 446 } 447 else if($mybb->settings['regtype'] == "randompass") 448 { 449 $emailsubject = $lang->sprintf($lang->emailsubject_randompassword, $mybb->settings['bbname']); 450 switch($mybb->settings['username_method']) 451 { 452 case 0: 453 $emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password')); 454 break; 455 case 1: 456 $emailmessage = $lang->sprintf($lang->email_randompassword1, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password')); 457 break; 458 case 2: 459 $emailmessage = $lang->sprintf($lang->email_randompassword2, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password')); 460 break; 461 default: 462 $emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password')); 463 break; 464 } 465 my_mail($user_info['email'], $emailsubject, $emailmessage); 466 467 $plugins->run_hooks("member_do_register_end"); 468 469 error($lang->redirect_registered_passwordsent); 470 } 471 else if($mybb->settings['regtype'] == "admin") 472 { 473 $groups = $cache->read("usergroups"); 474 $admingroups = array(); 475 if(!empty($groups)) // Shouldn't be... 476 { 477 foreach($groups as $group) 478 { 479 if($group['cancp'] == 1) 480 { 481 $admingroups[] = (int)$group['gid']; 482 } 483 } 484 } 485 486 if(!empty($admingroups)) 487 { 488 $sqlwhere = 'usergroup IN ('.implode(',', $admingroups).')'; 489 foreach($admingroups as $admingroup) 490 { 491 switch($db->type) 492 { 493 case 'pgsql': 494 case 'sqlite': 495 $sqlwhere .= " OR ','||additionalgroups||',' LIKE '%,{$admingroup},%'"; 496 break; 497 default: 498 $sqlwhere .= " OR CONCAT(',',additionalgroups,',') LIKE '%,{$admingroup},%'"; 499 break; 500 } 501 } 502 $q = $db->simple_select('users', 'uid,username,email,language', $sqlwhere); 503 while($recipient = $db->fetch_array($q)) 504 { 505 // First we check if the user's a super admin: if yes, we don't care about permissions 506 $is_super_admin = is_super_admin($recipient['uid']); 507 if(!$is_super_admin) 508 { 509 // Include admin functions 510 if(!file_exists(MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php")) 511 { 512 continue; 513 } 514 515 require_once MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php"; 516 517 // Verify if we have permissions to access user-users 518 require_once MYBB_ROOT.$mybb->config['admin_dir']."/modules/user/module_meta.php"; 519 if(function_exists("user_admin_permissions")) 520 { 521 // Get admin permissions 522 $adminperms = get_admin_permissions($recipient['uid']); 523 524 $permissions = user_admin_permissions(); 525 if(array_key_exists('users', $permissions['permissions']) && $adminperms['user']['users'] != 1) 526 { 527 continue; // No permissions 528 } 529 } 530 } 531 532 // Load language 533 if($recipient['language'] != $lang->language && $lang->language_exists($recipient['language'])) 534 { 535 $reset_lang = true; 536 $lang->set_language($recipient['language']); 537 $lang->load("member"); 538 } 539 540 $subject = $lang->sprintf($lang->newregistration_subject, $mybb->settings['bbname']); 541 $message = $lang->sprintf($lang->newregistration_message, $recipient['username'], $mybb->settings['bbname'], $user['username']); 542 my_mail($recipient['email'], $subject, $message); 543 } 544 545 // Reset language 546 if(isset($reset_lang)) 547 { 548 $lang->set_language($mybb->settings['bblanguage']); 549 $lang->load("member"); 550 } 551 } 552 553 $lang->redirect_registered_admin_activate = $lang->sprintf($lang->redirect_registered_admin_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username'])); 554 555 $plugins->run_hooks("member_do_register_end"); 556 557 error($lang->redirect_registered_admin_activate); 558 } 559 else if($mybb->settings['regtype'] == "both") 560 { 561 $groups = $cache->read("usergroups"); 562 $admingroups = array(); 563 if(!empty($groups)) // Shouldn't be... 564 { 565 foreach($groups as $group) 566 { 567 if($group['cancp'] == 1) 568 { 569 $admingroups[] = (int)$group['gid']; 570 } 571 } 572 } 573 574 if(!empty($admingroups)) 575 { 576 $sqlwhere = 'usergroup IN ('.implode(',', $admingroups).')'; 577 foreach($admingroups as $admingroup) 578 { 579 switch($db->type) 580 { 581 case 'pgsql': 582 case 'sqlite': 583 $sqlwhere .= " OR ','||additionalgroups||',' LIKE '%,{$admingroup},%'"; 584 break; 585 default: 586 $sqlwhere .= " OR CONCAT(',',additionalgroups,',') LIKE '%,{$admingroup},%'"; 587 break; 588 } 589 } 590 $q = $db->simple_select('users', 'uid,username,email,language', $sqlwhere); 591 while($recipient = $db->fetch_array($q)) 592 { 593 // First we check if the user's a super admin: if yes, we don't care about permissions 594 $is_super_admin = is_super_admin($recipient['uid']); 595 if(!$is_super_admin) 596 { 597 // Include admin functions 598 if(!file_exists(MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php")) 599 { 600 continue; 601 } 602 603 require_once MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php"; 604 605 // Verify if we have permissions to access user-users 606 require_once MYBB_ROOT.$mybb->config['admin_dir']."/modules/user/module_meta.php"; 607 // Get admin permissions 608 $adminperms = get_admin_permissions($recipient['uid']); 609 if(empty($adminperms['user']['users']) || $adminperms['user']['users'] != 1) 610 { 611 continue; // No permissions 612 } 613 } 614 615 // Load language 616 if($recipient['language'] != $lang->language && $lang->language_exists($recipient['language'])) 617 { 618 $reset_lang = true; 619 $lang->set_language($recipient['language']); 620 $lang->load("member"); 621 } 622 623 $subject = $lang->sprintf($lang->newregistration_subject, $mybb->settings['bbname']); 624 $message = $lang->sprintf($lang->newregistration_message, $recipient['username'], $mybb->settings['bbname'], $user['username']); 625 my_mail($recipient['email'], $subject, $message); 626 } 627 628 // Reset language 629 if(isset($reset_lang)) 630 { 631 $lang->set_language($mybb->settings['bblanguage']); 632 $lang->load("member"); 633 } 634 } 635 636 $activationcode = random_str(); 637 $activationarray = array( 638 "uid" => $user_info['uid'], 639 "dateline" => TIME_NOW, 640 "code" => $activationcode, 641 "type" => "b" 642 ); 643 $db->insert_query("awaitingactivation", $activationarray); 644 $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']); 645 switch($mybb->settings['username_method']) 646 { 647 case 0: 648 $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode); 649 break; 650 case 1: 651 $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode); 652 break; 653 case 2: 654 $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode); 655 break; 656 default: 657 $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode); 658 break; 659 } 660 my_mail($user_info['email'], $emailsubject, $emailmessage); 661 662 $lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username'])); 663 664 $plugins->run_hooks("member_do_register_end"); 665 666 error($lang->redirect_registered_activation); 667 } 668 else 669 { 670 $lang->redirect_registered = $lang->sprintf($lang->redirect_registered, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username'])); 671 672 $plugins->run_hooks("member_do_register_end"); 673 674 redirect("index.php", $lang->redirect_registered); 675 } 676 } 677 } 678 679 if($mybb->input['action'] == "coppa_form") 680 { 681 if(!$mybb->settings['faxno']) 682 { 683 $mybb->settings['faxno'] = " "; 684 } 685 686 $plugins->run_hooks("member_coppa_form"); 687 688 eval("\$coppa_form = \"".$templates->get("member_coppa_form")."\";"); 689 output_page($coppa_form); 690 } 691 692 if($mybb->input['action'] == "register") 693 { 694 $bdaysel = ''; 695 if($mybb->settings['coppa'] == "disabled") 696 { 697 $bdaysel = $bday2blank = ''; 698 } 699 $mybb->input['bday1'] = $mybb->get_input('bday1', MyBB::INPUT_INT); 700 for($day = 1; $day <= 31; ++$day) 701 { 702 $selected = ''; 703 if($mybb->input['bday1'] == $day) 704 { 705 $selected = " selected=\"selected\""; 706 } 707 708 eval("\$bdaysel .= \"".$templates->get("member_register_day")."\";"); 709 } 710 711 $mybb->input['bday2'] = $mybb->get_input('bday2', MyBB::INPUT_INT); 712 $bdaymonthsel = array(); 713 foreach(range(1, 12) as $number) 714 { 715 $bdaymonthsel[$number] = ''; 716 } 717 $bdaymonthsel[$mybb->input['bday2']] = "selected=\"selected\""; 718 $birthday_year = $mybb->get_input('bday3', MyBB::INPUT_INT); 719 720 if($birthday_year == 0) 721 { 722 $birthday_year = ''; 723 } 724 725 $under_thirteen = false; 726 727 // Is COPPA checking enabled? 728 if($mybb->settings['coppa'] != "disabled" && !isset($mybb->input['step'])) 729 { 730 // Just selected DOB, we check 731 if($mybb->input['bday1'] && $mybb->input['bday2'] && $birthday_year) 732 { 733 my_unsetcookie("coppauser"); 734 735 $months = get_bdays($birthday_year); 736 if($mybb->input['bday2'] < 1 || $mybb->input['bday2'] > 12 || $birthday_year < (date("Y")-100) || $birthday_year > date("Y") || $mybb->input['bday1'] > $months[$mybb->input['bday2']-1]) 737 { 738 error($lang->error_invalid_birthday); 739 } 740 741 $bdaytime = @mktime(0, 0, 0, $mybb->input['bday2'], $mybb->input['bday1'], $birthday_year); 742 743 // Store DOB in cookie so we can save it with the registration 744 my_setcookie("coppadob", "{$mybb->input['bday1']}-{$mybb->input['bday2']}-{$birthday_year}", -1); 745 746 // User is <= 13, we mark as a coppa user 747 if($bdaytime >= mktime(0, 0, 0, my_date('n'), my_date('d'), my_date('Y')-13)) 748 { 749 my_setcookie("coppauser", 1, -0); 750 $under_thirteen = true; 751 } 752 else 753 { 754 my_setcookie("coppauser", 0, -0); 755 } 756 $mybb->request_method = ""; 757 } 758 // Show DOB select form 759 else 760 { 761 $plugins->run_hooks("member_register_coppa"); 762 763 my_unsetcookie("coppauser"); 764 765 $coppa_desc = $mybb->settings['coppa'] == 'deny' ? $lang->coppa_desc_for_deny : $lang->coppa_desc; 766 eval("\$coppa = \"".$templates->get("member_register_coppa")."\";"); 767 output_page($coppa); 768 exit; 769 } 770 } 771 772 if((!isset($mybb->input['agree']) && !isset($mybb->input['regsubmit'])) && $fromreg == 0 || $mybb->request_method != "post") 773 { 774 $coppa_agreement = ''; 775 // Is this user a COPPA user? We need to show the COPPA agreement too 776 if($mybb->settings['coppa'] != "disabled" && (!empty($mybb->cookies['coppauser']) || $under_thirteen)) 777 { 778 if($mybb->settings['coppa'] == "deny") 779 { 780 error($lang->error_need_to_be_thirteen); 781 } 782 $lang->coppa_agreement_1 = $lang->sprintf($lang->coppa_agreement_1, $mybb->settings['bbname']); 783 eval("\$coppa_agreement = \"".$templates->get("member_register_agreement_coppa")."\";"); 784 } 785 786 $plugins->run_hooks("member_register_agreement"); 787 788 eval("\$agreement = \"".$templates->get("member_register_agreement")."\";"); 789 output_page($agreement); 790 } 791 else 792 { 793 $plugins->run_hooks("member_register_start"); 794 795 // JS validator extra 796 if($mybb->settings['maxnamelength'] > 0 && $mybb->settings['minnamelength'] > 0) 797 { 798 $lang->js_validator_username_length = $lang->sprintf($lang->js_validator_username_length, $mybb->settings['minnamelength'], $mybb->settings['maxnamelength']); 799 } 800 801 if(isset($mybb->input['timezoneoffset'])) 802 { 803 $timezoneoffset = $mybb->get_input('timezoneoffset'); 804 } 805 else 806 { 807 $timezoneoffset = $mybb->settings['timezoneoffset']; 808 } 809 $tzselect = build_timezone_select("timezoneoffset", $timezoneoffset, true); 810 811 $stylelist = build_theme_select("style"); 812 813 if($mybb->settings['usertppoptions']) 814 { 815 $tppoptions = ''; 816 $explodedtpp = explode(",", $mybb->settings['usertppoptions']); 817 if(is_array($explodedtpp)) 818 { 819 foreach($explodedtpp as $val) 820 { 821 $val = trim($val); 822 $tpp_option = $lang->sprintf($lang->tpp_option, $val); 823 eval("\$tppoptions .= \"".$templates->get("usercp_options_tppselect_option")."\";"); 824 } 825 } 826 eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";"); 827 } 828 if($mybb->settings['userpppoptions']) 829 { 830 $pppoptions = ''; 831 $explodedppp = explode(",", $mybb->settings['userpppoptions']); 832 if(is_array($explodedppp)) 833 { 834 foreach($explodedppp as $val) 835 { 836 $val = trim($val); 837 $ppp_option = $lang->sprintf($lang->ppp_option, $val); 838 eval("\$pppoptions .= \"".$templates->get("usercp_options_pppselect_option")."\";"); 839 } 840 } 841 eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";"); 842 } 843 if($mybb->settings['usereferrals'] == 1 && !$mybb->user['uid']) 844 { 845 if(isset($mybb->cookies['mybb']['referrer'])) 846 { 847 $query = $db->simple_select("users", "uid,username", "uid='".(int)$mybb->cookies['mybb']['referrer']."'"); 848 $ref = $db->fetch_array($query); 849 $ref['username'] = htmlspecialchars_uni($ref['username']); 850 $referrername = $ref['username']; 851 } 852 elseif(!empty($referrer)) 853 { 854 $query = $db->simple_select("users", "username", "uid='".(int)$referrer['uid']."'"); 855 $ref = $db->fetch_array($query); 856 $ref['username'] = htmlspecialchars_uni($ref['username']); 857 $referrername = $ref['username']; 858 } 859 elseif(!empty($referrername)) 860 { 861 $ref = get_user_by_username($referrername); 862 if(!$ref) 863 { 864 $errors[] = $lang->error_badreferrer; 865 } 866 } 867 else 868 { 869 $referrername = ''; 870 } 871 if(isset($quickreg)) 872 { 873 $refbg = "trow1"; 874 } 875 else 876 { 877 $refbg = "trow2"; 878 } 879 eval("\$referrer = \"".$templates->get("member_register_referrer")."\";"); 880 } 881 else 882 { 883 $referrer = ''; 884 } 885 $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY); 886 // Custom profile fields baby! 887 $altbg = "trow1"; 888 $requiredfields = $customfields = ''; 889 890 if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->settings['regtype'] == "both" || $mybb->get_input('coppa', MyBB::INPUT_INT) == 1) 891 { 892 $usergroup = 5; 893 } 894 else 895 { 896 $usergroup = 2; 897 } 898 899 $pfcache = $cache->read('profilefields'); 900 901 if(is_array($pfcache)) 902 { 903 $jsvar_reqfields = array(); 904 foreach($pfcache as $profilefield) 905 { 906 if($profilefield['required'] != 1 && $profilefield['registration'] != 1 || !is_member($profilefield['editableby'], array('usergroup' => $mybb->user['usergroup'], 'additionalgroups' => $usergroup))) 907 { 908 continue; 909 } 910 911 $code = $select = $val = $options = $expoptions = $useropts = ''; 912 $seloptions = array(); 913 $profilefield['type'] = htmlspecialchars_uni($profilefield['type']); 914 $thing = explode("\n", $profilefield['type'], 2); 915 $type = trim($thing[0]); 916 $options = isset($thing[1]) ? $thing[1] : null; 917 $select = ''; 918 $field = "fid{$profilefield['fid']}"; 919 $profilefield['description'] = htmlspecialchars_uni($profilefield['description']); 920 $profilefield['name'] = htmlspecialchars_uni($profilefield['name']); 921 if(!empty($errors) && isset($mybb->input['profile_fields'][$field])) 922 { 923 $userfield = $mybb->input['profile_fields'][$field]; 924 } 925 else 926 { 927 $userfield = ''; 928 } 929 if($type == "multiselect") 930 { 931 if(!empty($errors)) 932 { 933 $useropts = $userfield; 934 } 935 else 936 { 937 $useropts = explode("\n", $userfield); 938 } 939 if(is_array($useropts)) 940 { 941 foreach($useropts as $key => $val) 942 { 943 $seloptions[$val] = $val; 944 } 945 } 946 $expoptions = explode("\n", $options); 947 if(is_array($expoptions)) 948 { 949 foreach($expoptions as $key => $val) 950 { 951 $val = trim($val); 952 $val = str_replace("\n", "\\n", $val); 953 954 $sel = ""; 955 if(isset($seloptions[$val]) && $val == $seloptions[$val]) 956 { 957 $sel = ' selected="selected"'; 958 } 959 960 eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";"); 961 } 962 if(!$profilefield['length']) 963 { 964 $profilefield['length'] = 3; 965 } 966 967 eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";"); 968 } 969 } 970 elseif($type == "select") 971 { 972 $expoptions = explode("\n", $options); 973 if(is_array($expoptions)) 974 { 975 foreach($expoptions as $key => $val) 976 { 977 $val = trim($val); 978 $val = str_replace("\n", "\\n", $val); 979 $sel = ""; 980 if($val == $userfield) 981 { 982 $sel = ' selected="selected"'; 983 } 984 985 eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";"); 986 } 987 if(!$profilefield['length']) 988 { 989 $profilefield['length'] = 1; 990 } 991 992 eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";"); 993 } 994 } 995 elseif($type == "radio") 996 { 997 $expoptions = explode("\n", $options); 998 if(is_array($expoptions)) 999 { 1000 foreach($expoptions as $key => $val) 1001 { 1002 $checked = ""; 1003 if($val == $userfield) 1004 { 1005 $checked = 'checked="checked"'; 1006 } 1007 1008 eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";"); 1009 } 1010 } 1011 } 1012 elseif($type == "checkbox") 1013 { 1014 if(!empty($errors)) 1015 { 1016 $useropts = $userfield; 1017 } 1018 else 1019 { 1020 $useropts = explode("\n", $userfield); 1021 } 1022 if(is_array($useropts)) 1023 { 1024 foreach($useropts as $key => $val) 1025 { 1026 $seloptions[$val] = $val; 1027 } 1028 } 1029 $expoptions = explode("\n", $options); 1030 if(is_array($expoptions)) 1031 { 1032 foreach($expoptions as $key => $val) 1033 { 1034 $checked = ""; 1035 if(isset($seloptions[$val]) && $val == $seloptions[$val]) 1036 { 1037 $checked = 'checked="checked"'; 1038 } 1039 1040 eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";"); 1041 } 1042 } 1043 } 1044 elseif($type == "textarea") 1045 { 1046 $value = htmlspecialchars_uni($userfield); 1047 eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";"); 1048 } 1049 else 1050 { 1051 $value = htmlspecialchars_uni($userfield); 1052 $maxlength = ""; 1053 if($profilefield['maxlength'] > 0) 1054 { 1055 $maxlength = " maxlength=\"{$profilefield['maxlength']}\""; 1056 } 1057 1058 eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";"); 1059 } 1060 1061 if($profilefield['required'] == 1) 1062 { 1063 // JS validator extra, choose correct selectors for everything except single select which always has value 1064 if($type != 'select') 1065 { 1066 $jsvar_reqfields[] = array( 1067 'type' => $type, 1068 'fid' => $field, 1069 ); 1070 } 1071 1072 eval("\$requiredfields .= \"".$templates->get("member_register_customfield")."\";"); 1073 } 1074 else 1075 { 1076 eval("\$customfields .= \"".$templates->get("member_register_customfield")."\";"); 1077 } 1078 } 1079 1080 if($requiredfields) 1081 { 1082 eval("\$requiredfields = \"".$templates->get("member_register_requiredfields")."\";"); 1083 } 1084 1085 if($customfields) 1086 { 1087 eval("\$customfields = \"".$templates->get("member_register_additionalfields")."\";"); 1088 } 1089 } 1090 1091 if(!isset($fromreg) || $fromreg == 0) 1092 { 1093 $allownoticescheck = "checked=\"checked\""; 1094 $hideemailcheck = ''; 1095 $receivepmscheck = "checked=\"checked\""; 1096 $pmnoticecheck = " checked=\"checked\""; 1097 $pmnotifycheck = ''; 1098 $invisiblecheck = ''; 1099 if($mybb->settings['dstcorrection'] == 1) 1100 { 1101 $enabledstcheck = "checked=\"checked\""; 1102 } 1103 $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = ''; 1104 $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = ''; 1105 $username = $email = $email2 = ''; 1106 $regerrors = ''; 1107 } 1108 // Spambot registration image thingy 1109 $captcha_html = 0; 1110 $regimage = ''; 1111 if($mybb->settings['captchaimage']) 1112 { 1113 require_once MYBB_ROOT.'inc/class_captcha.php'; 1114 $captcha = new captcha(true, "member_register_regimage"); 1115 1116 if($captcha->html) 1117 { 1118 $captcha_html = 1; 1119 $regimage = $captcha->html; 1120 } 1121 } 1122 1123 // Security Question 1124 $questionbox = ''; 1125 $question_exists = 0; 1126 if($mybb->settings['securityquestion']) 1127 { 1128 $sid = generate_question(); 1129 $query = $db->query(" 1130 SELECT q.question, s.sid 1131 FROM ".TABLE_PREFIX."questionsessions s 1132 LEFT JOIN ".TABLE_PREFIX."questions q ON (q.qid=s.qid) 1133 WHERE q.active='1' AND s.sid='{$sid}' 1134 "); 1135 if($db->num_rows($query) > 0) 1136 { 1137 $question_exists = 1; 1138 $question = $db->fetch_array($query); 1139 1140 //Set parser options for security question 1141 $parser_options = array( 1142 "allow_html" => 0, 1143 "allow_mycode" => 1, 1144 "allow_smilies" => 1, 1145 "allow_imgcode" => 1, 1146 "allow_videocode" => 1, 1147 "filter_badwords" => 1, 1148 "me_username" => 0, 1149 "shorten_urls" => 0, 1150 "highlight" => 0, 1151 ); 1152 1153 //Parse question 1154 $question['question'] = $parser->parse_message($question['question'], $parser_options); 1155 $question['sid'] = htmlspecialchars_uni($question['sid']); 1156 1157 $refresh = ''; 1158 // Total questions 1159 $q = $db->simple_select('questions', 'COUNT(qid) as num', 'active=1'); 1160 $num = $db->fetch_field($q, 'num'); 1161 if($num > 1) 1162 { 1163 eval("\$refresh = \"".$templates->get("member_register_question_refresh")."\";"); 1164 } 1165 1166 eval("\$questionbox = \"".$templates->get("member_register_question")."\";"); 1167 } 1168 } 1169 1170 $hiddencaptcha = ''; 1171 // Hidden CAPTCHA for Spambots 1172 if($mybb->settings['hiddencaptchaimage']) 1173 { 1174 $captcha_field = $mybb->settings['hiddencaptchaimagefield']; 1175 1176 eval("\$hiddencaptcha = \"".$templates->get("member_register_hiddencaptcha")."\";"); 1177 } 1178 if($mybb->settings['regtype'] != "randompass") 1179 { 1180 // JS validator extra 1181 $lang->js_validator_password_length = $lang->sprintf($lang->js_validator_password_length, $mybb->settings['minpasswordlength']); 1182 1183 // See if the board has "require complex passwords" enabled. 1184 if($mybb->settings['requirecomplexpasswords'] == 1) 1185 { 1186 $lang->password = $lang->complex_password = $lang->sprintf($lang->complex_password, $mybb->settings['minpasswordlength']); 1187 } 1188 eval("\$passboxes = \"".$templates->get("member_register_password")."\";"); 1189 } 1190 1191 $languages = $lang->get_languages(); 1192 $langoptions = $boardlanguage = ''; 1193 if(count($languages) > 1) 1194 { 1195 foreach($languages as $name => $language) 1196 { 1197 $language = htmlspecialchars_uni($language); 1198 1199 $sel = ''; 1200 if($mybb->get_input('language') == $name) 1201 { 1202 $sel = " selected=\"selected\""; 1203 } 1204 1205 eval('$langoptions .= "'.$templates->get('usercp_options_language_option').'";'); 1206 } 1207 1208 eval('$boardlanguage = "'.$templates->get('member_register_language').'";'); 1209 } 1210 1211 // Set the time so we can find automated signups 1212 $time = TIME_NOW; 1213 1214 $plugins->run_hooks("member_register_end"); 1215 1216 $jsvar_reqfields = json_encode($jsvar_reqfields); 1217 1218 $validator_javascript = "<script type=\"text/javascript\"> 1219 var regsettings = { 1220 requiredfields: '{$jsvar_reqfields}', 1221 minnamelength: '{$mybb->settings['minnamelength']}', 1222 maxnamelength: '{$mybb->settings['maxnamelength']}', 1223 minpasswordlength: '{$mybb->settings['minpasswordlength']}', 1224 captchaimage: '{$mybb->settings['captchaimage']}', 1225 captchahtml: '{$captcha_html}', 1226 securityquestion: '{$mybb->settings['securityquestion']}', 1227 questionexists: '{$question_exists}', 1228 requirecomplexpasswords: '{$mybb->settings['requirecomplexpasswords']}', 1229 regtype: '{$mybb->settings['regtype']}', 1230 hiddencaptchaimage: '{$mybb->settings['hiddencaptchaimage']}' 1231 }; 1232 1233 lang.js_validator_no_username = '{$lang->js_validator_no_username}'; 1234 lang.js_validator_username_length = '{$lang->js_validator_username_length}'; 1235 lang.js_validator_invalid_email = '{$lang->js_validator_invalid_email}'; 1236 lang.js_validator_email_match = '{$lang->js_validator_email_match}'; 1237 lang.js_validator_not_empty = '{$lang->js_validator_not_empty}'; 1238 lang.js_validator_password_length = '{$lang->js_validator_password_length}'; 1239 lang.js_validator_password_matches = '{$lang->js_validator_password_matches}'; 1240 lang.js_validator_no_image_text = '{$lang->js_validator_no_image_text}'; 1241 lang.js_validator_no_security_question = '{$lang->js_validator_no_security_question}'; 1242 lang.js_validator_bad_password_security = '{$lang->js_validator_bad_password_security}'; 1243 </script>\n"; 1244 1245 eval("\$registration = \"".$templates->get("member_register")."\";"); 1246 output_page($registration); 1247 } 1248 } 1249 1250 if($mybb->input['action'] == "activate") 1251 { 1252 $plugins->run_hooks("member_activate_start"); 1253 1254 if(isset($mybb->input['username'])) 1255 { 1256 $mybb->input['username'] = $mybb->get_input('username'); 1257 $options = array( 1258 'username_method' => $mybb->settings['username_method'], 1259 'fields' => '*', 1260 ); 1261 $user = get_user_by_username($mybb->input['username'], $options); 1262 if(!$user) 1263 { 1264 switch($mybb->settings['username_method']) 1265 { 1266 case 0: 1267 error($lang->error_invalidpworusername); 1268 break; 1269 case 1: 1270 error($lang->error_invalidpworusername1); 1271 break; 1272 case 2: 1273 error($lang->error_invalidpworusername2); 1274 break; 1275 default: 1276 error($lang->error_invalidpworusername); 1277 break; 1278 } 1279 } 1280 $uid = $user['uid']; 1281 } 1282 else 1283 { 1284 $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT)); 1285 } 1286 if(isset($mybb->input['code']) && $user) 1287 { 1288 $query = $db->simple_select("awaitingactivation", "*", "uid='".$user['uid']."' AND (type='r' OR type='e' OR type='b')"); 1289 $activation = $db->fetch_array($query); 1290 if(!$activation) 1291 { 1292 error($lang->error_alreadyactivated); 1293 } 1294 if($activation['code'] !== $mybb->get_input('code')) 1295 { 1296 error($lang->error_badactivationcode); 1297 } 1298 1299 if($activation['type'] == "b" && $activation['validated'] == 1) 1300 { 1301 error($lang->error_alreadyvalidated); 1302 } 1303 1304 $db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND (type='r' OR type='e')"); 1305 1306 if($user['usergroup'] == 5 && $activation['type'] != "e" && $activation['type'] != "b") 1307 { 1308 $db->update_query("users", array("usergroup" => 2), "uid='".$user['uid']."'"); 1309 1310 $cache->update_awaitingactivation(); 1311 } 1312 if($activation['type'] == "e") 1313 { 1314 $newemail = array( 1315 "email" => $db->escape_string($activation['misc']), 1316 ); 1317 $db->update_query("users", $newemail, "uid='".$user['uid']."'"); 1318 $plugins->run_hooks("member_activate_emailupdated"); 1319 1320 redirect("usercp.php", $lang->redirect_emailupdated); 1321 } 1322 elseif($activation['type'] == "b") 1323 { 1324 $update = array( 1325 "validated" => 1, 1326 ); 1327 $db->update_query("awaitingactivation", $update, "uid='".$user['uid']."' AND type='b'"); 1328 $plugins->run_hooks("member_activate_emailactivated"); 1329 1330 redirect("index.php", $lang->redirect_accountactivated_admin, "", true); 1331 } 1332 else 1333 { 1334 $plugins->run_hooks("member_activate_accountactivated"); 1335 1336 redirect("index.php", $lang->redirect_accountactivated); 1337 } 1338 } 1339 else 1340 { 1341 $plugins->run_hooks("member_activate_form"); 1342 1343 $code = htmlspecialchars_uni($mybb->get_input('code')); 1344 1345 if(!isset($user['username'])) 1346 { 1347 $user['username'] = ''; 1348 } 1349 $user['username'] = htmlspecialchars_uni($user['username']); 1350 1351 eval("\$activate = \"".$templates->get("member_activate")."\";"); 1352 output_page($activate); 1353 } 1354 } 1355 1356 if($mybb->input['action'] == "do_resendactivation" && $mybb->request_method == "post") 1357 { 1358 $plugins->run_hooks("member_do_resendactivation_start"); 1359 1360 if($mybb->settings['regtype'] == "admin") 1361 { 1362 error($lang->error_activated_by_admin); 1363 } 1364 1365 $errors = array(); 1366 1367 if($mybb->settings['captchaimage']) 1368 { 1369 require_once MYBB_ROOT.'inc/class_captcha.php'; 1370 $captcha = new captcha; 1371 1372 if($captcha->validate_captcha() == false) 1373 { 1374 // CAPTCHA validation failed 1375 foreach($captcha->get_errors() as $error) 1376 { 1377 $errors[] = $error; 1378 } 1379 } 1380 } 1381 1382 $query = $db->query(" 1383 SELECT u.uid, u.username, u.usergroup, u.email, a.code, a.type, a.validated 1384 FROM ".TABLE_PREFIX."users u 1385 LEFT JOIN ".TABLE_PREFIX."awaitingactivation a ON (a.uid=u.uid AND (a.type='r' OR a.type='b')) 1386 WHERE u.email='".$db->escape_string($mybb->get_input('email'))."' 1387 "); 1388 $numusers = $db->num_rows($query); 1389 if($numusers < 1) 1390 { 1391 error($lang->error_invalidemail); 1392 } 1393 else 1394 { 1395 if(count($errors) == 0) 1396 { 1397 while($user = $db->fetch_array($query)) 1398 { 1399 if($user['type'] == "b" && $user['validated'] == 1) 1400 { 1401 error($lang->error_activated_by_admin); 1402 } 1403 1404 if($user['usergroup'] == 5) 1405 { 1406 if(!$user['code']) 1407 { 1408 $user['code'] = random_str(); 1409 $uid = $user['uid']; 1410 $awaitingarray = array( 1411 "uid" => $uid, 1412 "dateline" => TIME_NOW, 1413 "code" => $user['code'], 1414 "type" => $user['type'] 1415 ); 1416 $db->insert_query("awaitingactivation", $awaitingarray); 1417 } 1418 $username = $user['username']; 1419 $email = $user['email']; 1420 $activationcode = $user['code']; 1421 $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']); 1422 switch($mybb->settings['username_method']) 1423 { 1424 case 0: 1425 $emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode); 1426 break; 1427 case 1: 1428 $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode); 1429 break; 1430 case 2: 1431 $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode); 1432 break; 1433 default: 1434 $emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode); 1435 break; 1436 } 1437 my_mail($email, $emailsubject, $emailmessage); 1438 } 1439 } 1440 1441 // Invalidate solved captcha 1442 if($mybb->settings['captchaimage']) 1443 { 1444 $captcha->invalidate_captcha(); 1445 } 1446 1447 $plugins->run_hooks("member_do_resendactivation_end"); 1448 1449 redirect("index.php", $lang->redirect_activationresent); 1450 } 1451 else 1452 { 1453 $mybb->input['action'] = "resendactivation"; 1454 } 1455 } 1456 } 1457 1458 if($mybb->input['action'] == "resendactivation") 1459 { 1460 $plugins->run_hooks("member_resendactivation"); 1461 1462 if($mybb->settings['regtype'] == "admin") 1463 { 1464 error($lang->error_activated_by_admin); 1465 } 1466 1467 if($mybb->user['uid'] && $mybb->user['usergroup'] != 5) 1468 { 1469 error($lang->error_alreadyactivated); 1470 } 1471 1472 $query = $db->simple_select("awaitingactivation", "*", "uid='".$mybb->user['uid']."' AND type='b'"); 1473 $activation = $db->fetch_array($query); 1474 1475 if($activation && $activation['validated'] == 1) 1476 { 1477 error($lang->error_activated_by_admin); 1478 } 1479 1480 $captcha = ''; 1481 // Generate CAPTCHA? 1482 if($mybb->settings['captchaimage']) 1483 { 1484 require_once MYBB_ROOT.'inc/class_captcha.php'; 1485 $post_captcha = new captcha(true, "post_captcha"); 1486 1487 if($post_captcha->html) 1488 { 1489 $captcha = $post_captcha->html; 1490 } 1491 } 1492 1493 if(isset($errors) && count($errors) > 0) 1494 { 1495 $errors = inline_error($errors); 1496 $email = htmlspecialchars_uni($mybb->get_input('email')); 1497 } 1498 else 1499 { 1500 $errors = ''; 1501 $email = ''; 1502 } 1503 1504 $plugins->run_hooks("member_resendactivation_end"); 1505 1506 eval("\$activate = \"".$templates->get("member_resendactivation")."\";"); 1507 output_page($activate); 1508 } 1509 1510 if($mybb->input['action'] == "do_lostpw" && $mybb->request_method == "post") 1511 { 1512 $plugins->run_hooks("member_do_lostpw_start"); 1513 1514 $errors = array(); 1515 1516 if($mybb->settings['captchaimage']) 1517 { 1518 require_once MYBB_ROOT.'inc/class_captcha.php'; 1519 $captcha = new captcha; 1520 1521 if($captcha->validate_captcha() == false) 1522 { 1523 // CAPTCHA validation failed 1524 foreach($captcha->get_errors() as $error) 1525 { 1526 $errors[] = $error; 1527 } 1528 } 1529 } 1530 1531 $query = $db->simple_select("users", "*", "email='".$db->escape_string($mybb->get_input('email'))."'"); 1532 $numusers = $db->num_rows($query); 1533 if($numusers < 1) 1534 { 1535 error($lang->error_invalidemail); 1536 } 1537 else 1538 { 1539 if(count($errors) == 0) 1540 { 1541 while($user = $db->fetch_array($query)) 1542 { 1543 $db->delete_query("awaitingactivation", "uid='{$user['uid']}' AND type='p'"); 1544 $user['activationcode'] = random_str(30); 1545 $now = TIME_NOW; 1546 $uid = $user['uid']; 1547 $awaitingarray = array( 1548 "uid" => $user['uid'], 1549 "dateline" => TIME_NOW, 1550 "code" => $user['activationcode'], 1551 "type" => "p" 1552 ); 1553 $db->insert_query("awaitingactivation", $awaitingarray); 1554 $username = $user['username']; 1555 $email = $user['email']; 1556 $activationcode = $user['activationcode']; 1557 $emailsubject = $lang->sprintf($lang->emailsubject_lostpw, $mybb->settings['bbname']); 1558 switch($mybb->settings['username_method']) 1559 { 1560 case 0: 1561 $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode); 1562 break; 1563 case 1: 1564 $emailmessage = $lang->sprintf($lang->email_lostpw1, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode); 1565 break; 1566 case 2: 1567 $emailmessage = $lang->sprintf($lang->email_lostpw2, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode); 1568 break; 1569 default: 1570 $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode); 1571 break; 1572 } 1573 my_mail($email, $emailsubject, $emailmessage); 1574 } 1575 1576 // Invalidate solved captcha 1577 if($mybb->settings['captchaimage']) 1578 { 1579 $captcha->invalidate_captcha(); 1580 } 1581 1582 $plugins->run_hooks("member_do_lostpw_end"); 1583 1584 redirect("index.php", $lang->redirect_lostpwsent, "", true); 1585 } 1586 else 1587 { 1588 $mybb->input['action'] = "lostpw"; 1589 } 1590 } 1591 } 1592 1593 if($mybb->input['action'] == "lostpw") 1594 { 1595 $plugins->run_hooks("member_lostpw"); 1596 1597 $captcha = ''; 1598 // Generate CAPTCHA? 1599 if($mybb->settings['captchaimage']) 1600 { 1601 require_once MYBB_ROOT.'inc/class_captcha.php'; 1602 $post_captcha = new captcha(true, "post_captcha"); 1603 1604 if($post_captcha->html) 1605 { 1606 $captcha = $post_captcha->html; 1607 } 1608 } 1609 1610 if(isset($errors) && count($errors) > 0) 1611 { 1612 $errors = inline_error($errors); 1613 $email = htmlspecialchars_uni($mybb->get_input('email')); 1614 } 1615 else 1616 { 1617 $errors = ''; 1618 $email = ''; 1619 } 1620 1621 eval("\$lostpw = \"".$templates->get("member_lostpw")."\";"); 1622 output_page($lostpw); 1623 } 1624 1625 if($mybb->input['action'] == "resetpassword") 1626 { 1627 $plugins->run_hooks("member_resetpassword_start"); 1628 1629 if(isset($mybb->input['username'])) 1630 { 1631 $mybb->input['username'] = $mybb->get_input('username'); 1632 $options = array( 1633 'username_method' => $mybb->settings['username_method'], 1634 'fields' => '*', 1635 ); 1636 $user = get_user_by_username($mybb->input['username'], $options); 1637 if(!$user) 1638 { 1639 switch($mybb->settings['username_method']) 1640 { 1641 case 0: 1642 error($lang->error_invalidpworusername); 1643 break; 1644 case 1: 1645 error($lang->error_invalidpworusername1); 1646 break; 1647 case 2: 1648 error($lang->error_invalidpworusername2); 1649 break; 1650 default: 1651 error($lang->error_invalidpworusername); 1652 break; 1653 } 1654 } 1655 } 1656 else 1657 { 1658 $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT)); 1659 } 1660 1661 if(isset($mybb->input['code']) && $user) 1662 { 1663 $query = $db->simple_select("awaitingactivation", "code", "uid='".$user['uid']."' AND type='p'"); 1664 $activationcode = $db->fetch_field($query, 'code'); 1665 $now = TIME_NOW; 1666 if(!$activationcode || $activationcode !== $mybb->get_input('code')) 1667 { 1668 error($lang->error_badlostpwcode); 1669 } 1670 $db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND type='p'"); 1671 $username = $user['username']; 1672 1673 // Generate a new password, then update it 1674 $password_length = (int)$mybb->settings['minpasswordlength']; 1675 1676 if($password_length < 8) 1677 { 1678 $password_length = min(8, (int)$mybb->settings['maxpasswordlength']); 1679 } 1680 1681 // Set up user handler. 1682 require_once MYBB_ROOT.'inc/datahandlers/user.php'; 1683 $userhandler = new UserDataHandler('update'); 1684 1685 do 1686 { 1687 $password = random_str($password_length, $mybb->settings['requirecomplexpasswords']); 1688 1689 $userhandler->set_data(array( 1690 'uid' => $user['uid'], 1691 'username' => $user['username'], 1692 'email' => $user['email'], 1693 'password' => $password 1694 )); 1695 1696 $userhandler->set_validated(true); 1697 $userhandler->errors = array(); 1698 } while(!$userhandler->verify_password()); 1699 1700 $userhandler->update_user(); 1701 1702 $logindetails = array( 1703 'salt' => $userhandler->data['salt'], 1704 'password' => $userhandler->data['password'], 1705 'loginkey' => $userhandler->data['loginkey'], 1706 ); 1707 1708 $email = $user['email']; 1709 1710 $plugins->run_hooks("member_resetpassword_process"); 1711 1712 $emailsubject = $lang->sprintf($lang->emailsubject_passwordreset, $mybb->settings['bbname']); 1713 $emailmessage = $lang->sprintf($lang->email_passwordreset, $username, $mybb->settings['bbname'], $password); 1714 my_mail($email, $emailsubject, $emailmessage); 1715 1716 $plugins->run_hooks("member_resetpassword_reset"); 1717 1718 error($lang->redirect_passwordreset); 1719 } 1720 else 1721 { 1722 $plugins->run_hooks("member_resetpassword_form"); 1723 1724 switch($mybb->settings['username_method']) 1725 { 1726 case 0: 1727 $lang_username = $lang->username; 1728 break; 1729 case 1: 1730 $lang_username = $lang->username1; 1731 break; 1732 case 2: 1733 $lang_username = $lang->username2; 1734 break; 1735 default: 1736 $lang_username = $lang->username; 1737 break; 1738 } 1739 1740 $code = htmlspecialchars_uni($mybb->get_input('code')); 1741 1742 $input_username = htmlspecialchars_uni($mybb->get_input('username')); 1743 1744 eval("\$activate = \"".$templates->get("member_resetpassword")."\";"); 1745 output_page($activate); 1746 } 1747 } 1748 1749 $do_captcha = $correct = false; 1750 $inline_errors = ""; 1751 if($mybb->input['action'] == "do_login" && $mybb->request_method == "post") 1752 { 1753 verify_post_check($mybb->get_input('my_post_key')); 1754 1755 $errors = array(); 1756 1757 $plugins->run_hooks("member_do_login_start"); 1758 1759 require_once MYBB_ROOT."inc/datahandlers/login.php"; 1760 $loginhandler = new LoginDataHandler("get"); 1761 1762 if($mybb->get_input('quick_password') && $mybb->get_input('quick_username')) 1763 { 1764 $mybb->input['password'] = $mybb->get_input('quick_password'); 1765 $mybb->input['username'] = $mybb->get_input('quick_username'); 1766 $mybb->input['remember'] = $mybb->get_input('quick_remember'); 1767 } 1768 1769 $user = array( 1770 'username' => $mybb->get_input('username'), 1771 'password' => $mybb->get_input('password'), 1772 'remember' => $mybb->get_input('remember'), 1773 'imagestring' => $mybb->get_input('imagestring') 1774 ); 1775 1776 $options = array( 1777 'fields' => 'loginattempts', 1778 'username_method' => (int)$mybb->settings['username_method'], 1779 ); 1780 1781 $user_loginattempts = get_user_by_username($user['username'], $options); 1782 if(!empty($user_loginattempts)) 1783 { 1784 $user['loginattempts'] = (int)$user_loginattempts['loginattempts']; 1785 } 1786 1787 $loginhandler->set_data($user); 1788 $validated = $loginhandler->validate_login(); 1789 1790 if(!$validated) 1791 { 1792 $mybb->input['action'] = "login"; 1793 $mybb->request_method = "get"; 1794 1795 $login_user_uid = 0; 1796 if(!empty($loginhandler->login_data)) 1797 { 1798 $login_user_uid = (int)$loginhandler->login_data['uid']; 1799 $user['loginattempts'] = (int)$loginhandler->login_data['loginattempts']; 1800 } 1801 1802 // Is a fatal call if user has had too many tries 1803 $logins = login_attempt_check($login_user_uid); 1804 1805 $db->update_query("users", array('loginattempts' => 'loginattempts+1'), "uid='".$login_user_uid."'", 1, true); 1806 1807 $errors = $loginhandler->get_friendly_errors(); 1808 1809 // If we need a captcha set it here 1810 if( 1811 $mybb->settings['failedcaptchalogincount'] > 0 && 1812 ( 1813 ( 1814 isset($user['loginattempts']) && 1815 $user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] 1816 ) || 1817 ( 1818 isset($mybb->cookies['loginattempts']) && 1819 (int)$mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount'] 1820 ) 1821 ) 1822 ) 1823 { 1824 $do_captcha = true; 1825 $correct = $loginhandler->captcha_verified; 1826 } 1827 } 1828 else if($validated && $loginhandler->captcha_verified == true) 1829 { 1830 // Successful login 1831 if($loginhandler->login_data['coppauser']) 1832 { 1833 error($lang->error_awaitingcoppa); 1834 } 1835 1836 $loginhandler->complete_login(); 1837 1838 $plugins->run_hooks("member_do_login_end"); 1839 1840 $mybb->input['url'] = $mybb->get_input('url'); 1841 1842 if(!empty($mybb->input['url']) && my_strpos(basename($mybb->input['url']), 'member.php') === false && !preg_match('#^javascript:#i', $mybb->input['url'])) 1843 { 1844 if((my_strpos(basename($mybb->input['url']), 'newthread.php') !== false || my_strpos(basename($mybb->input['url']), 'newreply.php') !== false) && my_strpos($mybb->input['url'], '&processed=1') !== false) 1845 { 1846 $mybb->input['url'] = str_replace('&processed=1', '', $mybb->input['url']); 1847 } 1848 1849 $mybb->input['url'] = str_replace('&', '&', $mybb->input['url']); 1850 1851 if(my_strpos($mybb->input['url'], $mybb->settings['bburl'].'/') !== 0) 1852 { 1853 if(my_strpos($mybb->input['url'], '/') === 0) 1854 { 1855 $mybb->input['url'] = my_substr($mybb->input['url'], 1); 1856 } 1857 $url_segments = explode('/', $mybb->input['url']); 1858 $mybb->input['url'] = $mybb->settings['bburl'].'/'.end($url_segments); 1859 } 1860 1861 // Redirect to the URL if it is not member.php 1862 redirect($mybb->input['url'], $lang->redirect_loggedin); 1863 } 1864 else 1865 { 1866 1867 redirect("index.php", $lang->redirect_loggedin); 1868 } 1869 } 1870 1871 $plugins->run_hooks("member_do_login_end"); 1872 } 1873 1874 if($mybb->input['action'] == "login") 1875 { 1876 $plugins->run_hooks("member_login"); 1877 1878 $member_loggedin_notice = ""; 1879 if($mybb->user['uid'] != 0) 1880 { 1881 $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']); 1882 $lang->already_logged_in = $lang->sprintf($lang->already_logged_in, build_profile_link($mybb->user['username'], $mybb->user['uid'])); 1883 eval("\$member_loggedin_notice = \"".$templates->get("member_loggedin_notice")."\";"); 1884 } 1885 1886 // Checks to make sure the user can login; they haven't had too many tries at logging in. 1887 // Is a fatal call if user has had too many tries. This particular check uses cookies, as a uid is not set yet 1888 // and we can't check loginattempts in the db 1889 login_attempt_check(); 1890 1891 // Redirect to the page where the user came from, but not if that was the login page. 1892 if(isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], "action=login") === false) 1893 { 1894 $redirect_url = htmlentities($_SERVER['HTTP_REFERER']); 1895 } 1896 else 1897 { 1898 $redirect_url = ''; 1899 } 1900 1901 $captcha = ''; 1902 // Show captcha image for guests if enabled and only if we have to do 1903 if($mybb->settings['captchaimage'] && $do_captcha == true) 1904 { 1905 require_once MYBB_ROOT.'inc/class_captcha.php'; 1906 $login_captcha = new captcha(false, "post_captcha"); 1907 1908 if($login_captcha->type == captcha::DEFAULT_CAPTCHA) 1909 { 1910 if(!$correct) 1911 { 1912 $login_captcha->build_captcha(); 1913 } 1914 else 1915 { 1916 $captcha = $login_captcha->build_hidden_captcha(); 1917 } 1918 } 1919 elseif(in_array($login_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3))) 1920 { 1921 $login_captcha->build_recaptcha(); 1922 } 1923 elseif(in_array($login_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE))) 1924 { 1925 $login_captcha->build_hcaptcha(); 1926 } 1927 elseif($login_captcha->type == captcha::CFTURNSTILE) 1928 { 1929 $login_captcha->build_cfturnstile(); 1930 } 1931 1932 if($login_captcha->html) 1933 { 1934 $captcha = $login_captcha->html; 1935 } 1936 } 1937 1938 $username = ""; 1939 $password = ""; 1940 if(isset($mybb->input['username']) && $mybb->request_method == "post") 1941 { 1942 $username = htmlspecialchars_uni($mybb->get_input('username')); 1943 } 1944 1945 if(isset($mybb->input['password']) && $mybb->request_method == "post") 1946 { 1947 $password = htmlspecialchars_uni($mybb->get_input('password')); 1948 } 1949 1950 if(!empty($errors)) 1951 { 1952 $mybb->input['action'] = "login"; 1953 $mybb->request_method = "get"; 1954 1955 $inline_errors = inline_error($errors); 1956 } 1957 1958 switch($mybb->settings['username_method']) 1959 { 1960 case 1: 1961 $lang->username = $lang->username1; 1962 break; 1963 case 2: 1964 $lang->username = $lang->username2; 1965 break; 1966 default: 1967 break; 1968 } 1969 1970 $plugins->run_hooks("member_login_end"); 1971 1972 eval("\$login = \"".$templates->get("member_login")."\";"); 1973 output_page($login); 1974 } 1975 1976 if($mybb->input['action'] == "logout") 1977 { 1978 $plugins->run_hooks("member_logout_start"); 1979 1980 if(!$mybb->user['uid']) 1981 { 1982 redirect("index.php", $lang->redirect_alreadyloggedout); 1983 } 1984 1985 // Check session ID if we have one 1986 if(isset($mybb->input['sid']) && $mybb->get_input('sid') !== $session->sid) 1987 { 1988 error($lang->error_notloggedout); 1989 } 1990 // Otherwise, check logoutkey 1991 else if(!isset($mybb->input['sid']) && $mybb->get_input('logoutkey') !== $mybb->user['logoutkey']) 1992 { 1993 error($lang->error_notloggedout); 1994 } 1995 1996 my_unsetcookie("mybbuser"); 1997 my_unsetcookie("sid"); 1998 1999 if($mybb->user['uid']) 2000 { 2001 $time = TIME_NOW; 2002 // Run this after the shutdown query from session system 2003 $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$mybb->user['uid']}'"); 2004 $db->delete_query("sessions", "sid = '{$session->sid}'"); 2005 } 2006 2007 $plugins->run_hooks("member_logout_end"); 2008 2009 redirect("index.php", $lang->redirect_loggedout); 2010 } 2011 2012 if($mybb->input['action'] == "viewnotes") 2013 { 2014 $uid = $mybb->get_input('uid', MyBB::INPUT_INT); 2015 $user = get_user($uid); 2016 2017 // Make sure we are looking at a real user here. 2018 if(!$user) 2019 { 2020 error($lang->error_nomember); 2021 } 2022 2023 if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1) 2024 { 2025 error_no_permission(); 2026 } 2027 2028 $user['username'] = htmlspecialchars_uni($user['username']); 2029 $lang->view_notes_for = $lang->sprintf($lang->view_notes_for, $user['username']); 2030 2031 $user['usernotes'] = nl2br(htmlspecialchars_uni($user['usernotes'])); 2032 2033 $plugins->run_hooks('member_viewnotes'); 2034 2035 eval("\$viewnotes = \"".$templates->get("member_viewnotes", 1, 0)."\";"); 2036 echo $viewnotes; 2037 exit; 2038 } 2039 2040 if($mybb->input['action'] == "profile") 2041 { 2042 if($mybb->usergroup['canviewprofiles'] == 0) 2043 { 2044 error_no_permission(); 2045 } 2046 2047 $uid = $mybb->get_input('uid', MyBB::INPUT_INT); 2048 if($uid) 2049 { 2050 $memprofile = get_user($uid); 2051 } 2052 elseif($mybb->user['uid']) 2053 { 2054 $memprofile = $mybb->user; 2055 } 2056 else 2057 { 2058 $memprofile = false; 2059 } 2060 2061 if(!$memprofile) 2062 { 2063 error($lang->error_nomember); 2064 } 2065 2066 $uid = $memprofile['uid']; 2067 2068 $plugins->run_hooks("member_profile_start"); 2069 2070 $me_username = $memprofile['username']; 2071 $memprofile['username'] = htmlspecialchars_uni($memprofile['username']); 2072 $lang->profile = $lang->sprintf($lang->profile, $memprofile['username']); 2073 2074 // Get member's permissions 2075 $memperms = user_permissions($memprofile['uid']); 2076 2077 // Set display group 2078 $displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image"); 2079 2080 if(!$memprofile['displaygroup']) 2081 { 2082 $memprofile['displaygroup'] = $memprofile['usergroup']; 2083 } 2084 2085 $displaygroup = usergroup_displaygroup($memprofile['displaygroup']); 2086 if(is_array($displaygroup)) 2087 { 2088 $memperms = array_merge($memperms, $displaygroup); 2089 } 2090 2091 $lang->nav_profile = $lang->sprintf($lang->nav_profile, $memprofile['username']); 2092 add_breadcrumb($lang->nav_profile); 2093 2094 $lang->users_forum_info = $lang->sprintf($lang->users_forum_info, $memprofile['username']); 2095 $lang->users_contact_details = $lang->sprintf($lang->users_contact_details, $memprofile['username']); 2096 $lang->send_pm = $lang->sprintf($lang->send_pm, $memprofile['username']); 2097 $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']); 2098 $lang->users_additional_info = $lang->sprintf($lang->users_additional_info, $memprofile['username']); 2099 $lang->users_signature = $lang->sprintf($lang->users_signature, $memprofile['username']); 2100 $lang->send_user_email = $lang->sprintf($lang->send_user_email, $memprofile['username']); 2101 2102 $useravatar = format_avatar($memprofile['avatar'], $memprofile['avatardimensions']); 2103 eval("\$avatar = \"".$templates->get("member_profile_avatar")."\";"); 2104 2105 $website = $sendemail = $sendpm = $contact_details = ''; 2106 2107 if(my_validate_url($memprofile['website']) && !is_member($mybb->settings['hidewebsite']) && $memperms['canchangewebsite'] == 1) 2108 { 2109 $memprofile['website'] = htmlspecialchars_uni($memprofile['website']); 2110 $bgcolor = alt_trow(); 2111 eval("\$website = \"".$templates->get("member_profile_website")."\";"); 2112 } 2113 2114 if($mybb->usergroup['cansendemail'] == 1 && $uid != $mybb->user['uid'] && $memprofile['hideemail'] != 1 && (my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false || $mybb->usergroup['cansendemailoverride'] != 0)) 2115 { 2116 $bgcolor = alt_trow(); 2117 eval("\$sendemail = \"".$templates->get("member_profile_email")."\";"); 2118 } 2119 2120 if($mybb->settings['enablepms'] != 0 && $uid != $mybb->user['uid'] && $mybb->usergroup['canusepms'] == 1 && (($memprofile['receivepms'] != 0 && $memperms['canusepms'] != 0 && my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false) || $mybb->usergroup['canoverridepm'] == 1)) 2121 { 2122 $bgcolor = alt_trow(); 2123 eval('$sendpm = "'.$templates->get("member_profile_pm").'";'); 2124 } 2125 2126 if($sendemail || $sendpm || $website) 2127 { 2128 eval('$contact_details = "'.$templates->get("member_profile_contact_details").'";'); 2129 } 2130 2131 $signature = ''; 2132 if($memprofile['signature'] && ($memprofile['suspendsignature'] == 0 || $memprofile['suspendsigtime'] < TIME_NOW) && !is_member($mybb->settings['hidesignatures']) && $memperms['canusesig'] && $memperms['canusesigxposts'] <= $memprofile['postnum']) 2133 { 2134 $sig_parser = array( 2135 "allow_html" => $mybb->settings['sightml'], 2136 "allow_mycode" => $mybb->settings['sigmycode'], 2137 "allow_smilies" => $mybb->settings['sigsmilies'], 2138 "allow_imgcode" => $mybb->settings['sigimgcode'], 2139 "me_username" => $me_username, 2140 "filter_badwords" => 1 2141 ); 2142 2143 if($memperms['signofollow']) 2144 { 2145 $sig_parser['nofollow_on'] = 1; 2146 } 2147 2148 if($mybb->user['uid'] != 0 && $mybb->user['showimages'] != 1 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0) 2149 { 2150 $sig_parser['allow_imgcode'] = 0; 2151 } 2152 2153 $memprofile['signature'] = $parser->parse_message($memprofile['signature'], $sig_parser); 2154 eval("\$signature = \"".$templates->get("member_profile_signature")."\";"); 2155 } 2156 2157 $daysreg = (TIME_NOW - $memprofile['regdate']) / (24*3600); 2158 2159 if($daysreg < 1) 2160 { 2161 $daysreg = 1; 2162 } 2163 2164 $stats = $cache->read("stats"); 2165 2166 // Format post count, per day count and percent of total 2167 $ppd = $memprofile['postnum'] / $daysreg; 2168 $ppd = round($ppd, 2); 2169 if($ppd > $memprofile['postnum']) 2170 { 2171 $ppd = $memprofile['postnum']; 2172 } 2173 2174 $numposts = $stats['numposts']; 2175 if($numposts == 0) 2176 { 2177 $post_percent = "0"; 2178 } 2179 else 2180 { 2181 $post_percent = $memprofile['postnum']*100/$numposts; 2182 $post_percent = round($post_percent, 2); 2183 } 2184 2185 if($post_percent > 100) 2186 { 2187 $post_percent = 100; 2188 } 2189 2190 // Format thread count, per day count and percent of total 2191 $tpd = $memprofile['threadnum'] / $daysreg; 2192 $tpd = round($tpd, 2); 2193 if($tpd > $memprofile['threadnum']) 2194 { 2195 $tpd = $memprofile['threadnum']; 2196 } 2197 2198 $numthreads = $stats['numthreads']; 2199 if($numthreads == 0) 2200 { 2201 $thread_percent = "0"; 2202 } 2203 else 2204 { 2205 $thread_percent = $memprofile['threadnum']*100/$numthreads; 2206 $thread_percent = round($thread_percent, 2); 2207 } 2208 2209 if($thread_percent > 100) 2210 { 2211 $thread_percent = 100; 2212 } 2213 2214 $findposts = $findthreads = ''; 2215 if($mybb->usergroup['cansearch'] == 1) 2216 { 2217 if(!empty($memprofile['postnum'])) 2218 { 2219 eval("\$findposts = \"".$templates->get("member_profile_findposts")."\";"); 2220 } 2221 if(!empty($memprofile['threadnum'])) 2222 { 2223 eval("\$findthreads = \"".$templates->get("member_profile_findthreads")."\";"); 2224 } 2225 } 2226 2227 $awaybit = ''; 2228 if($memprofile['away'] == 1 && $mybb->settings['allowaway'] != 0) 2229 { 2230 $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']); 2231 $awaydate = my_date($mybb->settings['dateformat'], $memprofile['awaydate']); 2232 if(!empty($memprofile['awayreason'])) 2233 { 2234 $reason = $parser->parse_badwords($memprofile['awayreason']); 2235 $awayreason = htmlspecialchars_uni($reason); 2236 } 2237 else 2238 { 2239 $awayreason = $lang->away_no_reason; 2240 } 2241 if($memprofile['returndate'] == '') 2242 { 2243 $returndate = "$lang->unknown"; 2244 } 2245 else 2246 { 2247 $returnhome = explode("-", $memprofile['returndate']); 2248 2249 // PHP native date functions use integers so timestamps for years after 2038 will not work 2250 // Thus we use adodb_mktime 2251 if($returnhome[2] >= 2038) 2252 { 2253 require_once MYBB_ROOT."inc/functions_time.php"; 2254 $returnmkdate = adodb_mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]); 2255 $returndate = my_date($mybb->settings['dateformat'], $returnmkdate, "", 1, true); 2256 } 2257 else 2258 { 2259 $returnmkdate = mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]); 2260 $returndate = my_date($mybb->settings['dateformat'], $returnmkdate); 2261 } 2262 2263 // If our away time has expired already, we should be back, right? 2264 if($returnmkdate < TIME_NOW) 2265 { 2266 $db->update_query('users', array('away' => '0', 'awaydate' => '0', 'returndate' => '', 'awayreason' => ''), 'uid=\''.(int)$memprofile['uid'].'\''); 2267 2268 // Update our status to "not away" 2269 $memprofile['away'] = 0; 2270 } 2271 } 2272 2273 // Check if our away status is set to 1, it may have been updated already (see a few lines above) 2274 if($memprofile['away'] == 1) 2275 { 2276 eval("\$awaybit = \"".$templates->get("member_profile_away")."\";"); 2277 } 2278 } 2279 2280 $memprofile['timezone'] = (float)$memprofile['timezone']; 2281 2282 if($memprofile['dst'] == 1) 2283 { 2284 $memprofile['timezone']++; 2285 if(my_substr($memprofile['timezone'], 0, 1) != "-") 2286 { 2287 $memprofile['timezone'] = "+{$memprofile['timezone']}"; 2288 } 2289 } 2290 2291 $memregdate = my_date($mybb->settings['dateformat'], $memprofile['regdate']); 2292 $memlocaldate = gmdate($mybb->settings['dateformat'], TIME_NOW + ($memprofile['timezone'] * 3600)); 2293 $memlocaltime = gmdate($mybb->settings['timeformat'], TIME_NOW + ($memprofile['timezone'] * 3600)); 2294 2295 $localtime = $lang->sprintf($lang->local_time_format, $memlocaldate, $memlocaltime); 2296 2297 if($memprofile['birthday']) 2298 { 2299 $membday = explode("-", $memprofile['birthday']); 2300 2301 if($memprofile['birthdayprivacy'] != 'none') 2302 { 2303 if($membday[0] && $membday[1] && $membday[2]) 2304 { 2305 $lang->membdayage = $lang->sprintf($lang->membdayage, get_age($memprofile['birthday'])); 2306 2307 $bdayformat = fix_mktime($mybb->settings['dateformat'], $membday[2]); 2308 $membday = mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]); 2309 $membday = date($bdayformat, $membday); 2310 2311 $membdayage = $lang->membdayage; 2312 } 2313 elseif($membday[2]) 2314 { 2315 $membday = mktime(0, 0, 0, 1, 1, $membday[2]); 2316 $membday = date("Y", $membday); 2317 $membdayage = ''; 2318 } 2319 else 2320 { 2321 $membday = mktime(0, 0, 0, $membday[1], $membday[0], 0); 2322 $membday = date("F j", $membday); 2323 $membdayage = ''; 2324 } 2325 } 2326 2327 if($memprofile['birthdayprivacy'] == 'age') 2328 { 2329 $membday = $lang->birthdayhidden; 2330 } 2331 else if($memprofile['birthdayprivacy'] == 'none') 2332 { 2333 $membday = $lang->birthdayhidden; 2334 $membdayage = ''; 2335 } 2336 } 2337 else 2338 { 2339 $membday = $lang->not_specified; 2340 $membdayage = ''; 2341 } 2342 2343 // Get the user title for this user 2344 unset($stars); 2345 $usertitle = ''; 2346 $starimage = ''; 2347 if(trim($memprofile['usertitle']) != '') 2348 { 2349 // User has custom user title 2350 $usertitle = $memprofile['usertitle']; 2351 } 2352 elseif(trim($memperms['usertitle']) != '') 2353 { 2354 // User has group title 2355 $usertitle = $memperms['usertitle']; 2356 } 2357 else 2358 { 2359 if(!isset($usertitles)) 2360 { 2361 $usertitles = $cache->read('usertitles'); 2362 } 2363 2364 // No usergroup title so get a default one 2365 if(is_array($usertitles)) 2366 { 2367 foreach($usertitles as $title) 2368 { 2369 if($memprofile['postnum'] >= $title['posts']) 2370 { 2371 $usertitle = $title['title']; 2372 $stars = $title['stars']; 2373 $starimage = $title['starimage']; 2374 2375 break; 2376 } 2377 } 2378 } 2379 } 2380 2381 $usertitle = htmlspecialchars_uni($usertitle); 2382 2383 if($memperms['stars'] || $memperms['usertitle']) 2384 { 2385 // Set the number of stars if display group has constant number of stars 2386 $stars = $memperms['stars']; 2387 } 2388 elseif(!isset($stars)) 2389 { 2390 if(!isset($usertitles)) 2391 { 2392 $usertitles = $cache->read('usertitles'); 2393 } 2394 2395 // This is for cases where the user has a title, but the group has no defined number of stars (use number of stars as per default usergroups) 2396 if(is_array($usertitles)) 2397 { 2398 foreach($usertitles as $title) 2399 { 2400 if($memprofile['postnum'] >= $title['posts']) 2401 { 2402 $stars = $title['stars']; 2403 $starimage = $title['starimage']; 2404 break; 2405 } 2406 } 2407 } 2408 2409 if(!isset($stars)) 2410 { 2411 $stars = 0; 2412 } 2413 } 2414 2415 $groupimage = ''; 2416 if(!empty($memperms['image'])) 2417 { 2418 if(!empty($mybb->user['language'])) 2419 { 2420 $language = $mybb->user['language']; 2421 } 2422 else 2423 { 2424 $language = $mybb->settings['bblanguage']; 2425 } 2426 $memperms['image'] = str_replace("{lang}", $language, $memperms['image']); 2427 $memperms['image'] = str_replace("{theme}", $theme['imgdir'], $memperms['image']); 2428 eval("\$groupimage = \"".$templates->get("member_profile_groupimage")."\";"); 2429 } 2430 2431 if(empty($starimage)) 2432 { 2433 $starimage = $memperms['starimage']; 2434 } 2435 2436 if(!empty($starimage)) 2437 { 2438 // Only display stars if we have an image to use... 2439 $starimage = str_replace("{theme}", $theme['imgdir'], $starimage); 2440 $userstars = ''; 2441 for($i = 0; $i < $stars; ++$i) 2442 { 2443 eval("\$userstars .= \"".$templates->get("member_profile_userstar", 1, 0)."\";"); 2444 } 2445 } 2446 2447 // User is currently online and this user has permissions to view the user on the WOL 2448 $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins']*60; 2449 $query = $db->simple_select("sessions", "location,nopermission", "uid='$uid' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1)); 2450 $session = $db->fetch_array($query); 2451 2452 $timeonline = $lang->none_registered; 2453 $memlastvisitdate = $lang->lastvisit_never; 2454 $last_seen = max(array($memprofile['lastactive'], $memprofile['lastvisit'])); 2455 if(!empty($last_seen)) 2456 { 2457 // We have some stamp here 2458 if($memprofile['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $memprofile['uid'] != $mybb->user['uid']) 2459 { 2460 $memlastvisitdate = $lang->lastvisit_hidden; 2461 $online_status = $timeonline = $lang->timeonline_hidden; 2462 } 2463 else 2464 { 2465 $memlastvisitdate = my_date('relative', $last_seen); 2466 2467 if($memprofile['timeonline'] > 0) 2468 { 2469 $timeonline = nice_time($memprofile['timeonline']); 2470 } 2471 2472 // Online? 2473 if(!empty($session)) 2474 { 2475 // Fetch their current location 2476 $lang->load("online"); 2477 require_once MYBB_ROOT."inc/functions_online.php"; 2478 $activity = fetch_wol_activity($session['location'], $session['nopermission']); 2479 $location = build_friendly_wol_location($activity); 2480 $location_time = my_date($mybb->settings['timeformat'], $last_seen); 2481 2482 eval("\$online_status = \"".$templates->get("member_profile_online")."\";"); 2483 } 2484 } 2485 } 2486 2487 if(!isset($online_status)) 2488 { 2489 eval("\$online_status = \"".$templates->get("member_profile_offline")."\";"); 2490 } 2491 2492 // Reset the background colours to keep it inline 2493 $alttrow = 'trow1'; 2494 2495 // Build Referral 2496 $referrals = ''; 2497 if($mybb->settings['usereferrals'] == 1) 2498 { 2499 $bg_color = alt_trow(); 2500 2501 $uid = (int) $memprofile['uid']; 2502 $referral_count = $memprofile['referrals']; 2503 if ($referral_count > 0) { 2504 eval("\$memprofile['referrals'] = \"".$templates->get('member_referrals_link')."\";"); 2505 } 2506 2507 eval("\$referrals = \"".$templates->get('member_profile_referrals')."\";"); 2508 } 2509 2510 // Fetch the reputation for this user 2511 $reputation = ''; 2512 if($memperms['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1) 2513 { 2514 $bg_color = alt_trow(); 2515 $reputation = get_reputation($memprofile['reputation']); 2516 2517 // If this user has permission to give reputations show the vote link 2518 $vote_link = ''; 2519 if($mybb->usergroup['cangivereputations'] == 1 && $memprofile['uid'] != $mybb->user['uid'] && ($mybb->settings['posrep'] || $mybb->settings['neurep'] || $mybb->settings['negrep'])) 2520 { 2521 eval("\$vote_link = \"".$templates->get("member_profile_reputation_vote")."\";"); 2522 } 2523 2524 eval("\$reputation = \"".$templates->get("member_profile_reputation")."\";"); 2525 } 2526 2527 $warning_level = ''; 2528 if($mybb->settings['enablewarningsystem'] != 0 && $memperms['canreceivewarnings'] != 0 && ($mybb->usergroup['canwarnusers'] != 0 || ($mybb->user['uid'] == $memprofile['uid'] && $mybb->settings['canviewownwarning'] != 0))) 2529 { 2530 $bg_color = alt_trow(); 2531 2532 if($mybb->settings['maxwarningpoints'] < 1) 2533 { 2534 $mybb->settings['maxwarningpoints'] = 10; 2535 } 2536 2537 $warning_level = round($memprofile['warningpoints']/$mybb->settings['maxwarningpoints']*100); 2538 2539 if($warning_level > 100) 2540 { 2541 $warning_level = 100; 2542 } 2543 2544 $warning_level = get_colored_warning_level($warning_level); 2545 if($mybb->usergroup['canwarnusers'] != 0) 2546 { 2547 eval("\$warn_user = \"".$templates->get("member_profile_warn")."\";"); 2548 eval("\$warning_level = \"".$templates->get("member_profile_warninglevel_link")."\";"); 2549 } 2550 else 2551 { 2552 eval("\$warning_level = \"".$templates->get("member_profile_warninglevel")."\";"); 2553 } 2554 } 2555 2556 $bgcolor = $alttrow = 'trow1'; 2557 $customfields = $profilefields = ''; 2558 2559 $query = $db->simple_select("userfields", "*", "ufid = '{$uid}'"); 2560 $userfields = $db->fetch_array($query); 2561 2562 // If this user is an Administrator or a Moderator then we wish to show all profile fields 2563 $pfcache = $cache->read('profilefields'); 2564 2565 if(is_array($pfcache)) 2566 { 2567 foreach($pfcache as $customfield) 2568 { 2569 if($mybb->usergroup['cancp'] != 1 && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['canmodcp'] != 1 && !is_member($customfield['viewableby']) || !$customfield['profile']) 2570 { 2571 continue; 2572 } 2573 2574 $thing = explode("\n", $customfield['type'], "2"); 2575 $type = trim($thing[0]); 2576 2577 $customfieldval = $customfield_val = ''; 2578 $field = "fid{$customfield['fid']}"; 2579 2580 if(isset($userfields[$field])) 2581 { 2582 $useropts = explode("\n", $userfields[$field]); 2583 $customfieldval = $comma = ''; 2584 if(is_array($useropts) && ($type == "multiselect" || $type == "checkbox")) 2585 { 2586 foreach($useropts as $val) 2587 { 2588 if($val != '') 2589 { 2590 $val = htmlspecialchars_uni($val); 2591 2592 eval("\$customfield_val .= \"".$templates->get("member_profile_customfields_field_multi_item")."\";"); 2593 } 2594 } 2595 if($customfield_val != '') 2596 { 2597 eval("\$customfieldval = \"".$templates->get("member_profile_customfields_field_multi")."\";"); 2598 } 2599 } 2600 else 2601 { 2602 $parser_options = array( 2603 "allow_html" => $customfield['allowhtml'], 2604 "allow_mycode" => $customfield['allowmycode'], 2605 "allow_smilies" => $customfield['allowsmilies'], 2606 "allow_imgcode" => $customfield['allowimgcode'], 2607 "allow_videocode" => $customfield['allowvideocode'], 2608 #"nofollow_on" => 1, 2609 "filter_badwords" => 1 2610 ); 2611 2612 if($customfield['type'] == "textarea") 2613 { 2614 $parser_options['me_username'] = $memprofile['username']; 2615 } 2616 else 2617 { 2618 $parser_options['nl2br'] = 0; 2619 } 2620 2621 if($mybb->user['uid'] != 0 && $mybb->user['showimages'] != 1 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0) 2622 { 2623 $parser_options['allow_imgcode'] = 0; 2624 } 2625 2626 $customfieldval = $parser->parse_message($userfields[$field], $parser_options); 2627 } 2628 } 2629 2630 if($customfieldval) 2631 { 2632 $customfield['name'] = htmlspecialchars_uni($customfield['name']); 2633 eval("\$customfields .= \"".$templates->get("member_profile_customfields_field")."\";"); 2634 $bgcolor = alt_trow(); 2635 } 2636 } 2637 } 2638 2639 if($customfields) 2640 { 2641 eval("\$profilefields = \"".$templates->get("member_profile_customfields")."\";"); 2642 } 2643 2644 $memprofile['postnum'] = my_number_format($memprofile['postnum']); 2645 $lang->ppd_percent_total = $lang->sprintf($lang->ppd_percent_total, my_number_format($ppd), $post_percent); 2646 2647 $memprofile['threadnum'] = my_number_format($memprofile['threadnum']); 2648 $lang->tpd_percent_total = $lang->sprintf($lang->tpd_percent_total, my_number_format($tpd), $thread_percent); 2649 2650 $formattedname = format_name($memprofile['username'], $memprofile['usergroup'], $memprofile['displaygroup']); 2651 2652 $bannedbit = ''; 2653 if($memperms['isbannedgroup'] == 1 && $mybb->usergroup['canbanusers'] == 1) 2654 { 2655 // Fetch details on their ban 2656 $query = $db->simple_select('banned b LEFT JOIN '.TABLE_PREFIX.'users a ON (b.admin=a.uid)', 'b.*, a.username AS adminuser', "b.uid='{$uid}'", array('limit' => 1)); 2657 2658 if($db->num_rows($query)) 2659 { 2660 $memban = $db->fetch_array($query); 2661 2662 if($memban['reason']) 2663 { 2664 $memban['reason'] = htmlspecialchars_uni($parser->parse_badwords($memban['reason'])); 2665 } 2666 else 2667 { 2668 $memban['reason'] = $lang->na; 2669 } 2670 2671 if($memban['lifted'] == 'perm' || $memban['lifted'] == '' || $memban['bantime'] == 'perm' || $memban['bantime'] == '---') 2672 { 2673 $banlength = $lang->permanent; 2674 $timeremaining = $lang->na; 2675 $banned_class = "normal_banned"; 2676 } 2677 else 2678 { 2679 // Set up the array of ban times. 2680 $bantimes = fetch_ban_times(); 2681 2682 $banlength = $bantimes[$memban['bantime']]; 2683 $remaining = $memban['lifted']-TIME_NOW; 2684 2685 $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false)).""; 2686 2687 $banned_class = ''; 2688 if($remaining < 3600) 2689 { 2690 $banned_class = "high_banned"; 2691 } 2692 else if($remaining < 86400) 2693 { 2694 $banned_class = "moderate_banned"; 2695 } 2696 else if($remaining < 604800) 2697 { 2698 $banned_class = "low_banned"; 2699 } 2700 else 2701 { 2702 $banned_class = "normal_banned"; 2703 } 2704 } 2705 eval('$timeremaining = "'.$templates->get('member_profile_banned_remaining').'";'); 2706 2707 $memban['adminuser'] = build_profile_link(htmlspecialchars_uni($memban['adminuser']), $memban['admin']); 2708 2709 // Display a nice warning to the user 2710 eval('$bannedbit = "'.$templates->get('member_profile_banned').'";'); 2711 } 2712 else 2713 { 2714 // TODO: more specific output for converted/merged boards where no ban record is merged. 2715 $bannedbit = ''; 2716 } 2717 } 2718 2719 $adminoptions = ''; 2720 if($mybb->usergroup['cancp'] == 1 && $mybb->config['hide_admin_links'] != 1) 2721 { 2722 if($memperms['isbannedgroup'] == 1) 2723 { 2724 eval("\$adminoptions = \"".$templates->get("member_profile_adminoptions_manageban")."\";"); 2725 } 2726 else 2727 { 2728 eval("\$adminoptions = \"".$templates->get("member_profile_adminoptions")."\";"); 2729 } 2730 } 2731 2732 $modoptions = $viewnotes = $editnotes = $editprofile = $banuser = $manageban = $manageuser = ''; 2733 $can_purge_spammer = purgespammer_show($memprofile['postnum'], $memprofile['usergroup'], $memprofile['uid']); 2734 if($mybb->usergroup['canmodcp'] == 1 || $can_purge_spammer) 2735 { 2736 if($mybb->usergroup['canuseipsearch'] == 1) 2737 { 2738 $memprofile['regip'] = my_inet_ntop($db->unescape_binary($memprofile['regip'])); 2739 $memprofile['lastip'] = my_inet_ntop($db->unescape_binary($memprofile['lastip'])); 2740 2741 eval("\$ipaddress = \"".$templates->get("member_profile_modoptions_ipaddress")."\";"); 2742 } 2743 2744 $memprofile['usernotes'] = nl2br(htmlspecialchars_uni($memprofile['usernotes'])); 2745 2746 if(!empty($memprofile['usernotes'])) 2747 { 2748 if(strlen($memprofile['usernotes']) > 100) 2749 { 2750 eval("\$viewnotes = \"".$templates->get("member_profile_modoptions_viewnotes")."\";"); 2751 $memprofile['usernotes'] = my_substr($memprofile['usernotes'], 0, 100)."... {$viewnotes}"; 2752 } 2753 } 2754 else 2755 { 2756 $memprofile['usernotes'] = $lang->no_usernotes; 2757 } 2758 2759 if($mybb->usergroup['caneditprofiles'] == 1 && modcp_can_manage_user($memprofile['uid'])) 2760 { 2761 eval("\$editprofile = \"".$templates->get("member_profile_modoptions_editprofile")."\";"); 2762 eval("\$editnotes = \"".$templates->get("member_profile_modoptions_editnotes")."\";"); 2763 } 2764 2765 if($memperms['isbannedgroup'] == 1 && $mybb->usergroup['canbanusers'] == 1 && modcp_can_manage_user($memprofile['uid'])) 2766 { 2767 eval("\$manageban = \"".$templates->get("member_profile_modoptions_manageban")."\";"); 2768 } 2769 elseif(modcp_can_manage_user($memprofile['uid']) && $mybb->usergroup['canbanusers'] == 1) 2770 { 2771 eval("\$banuser = \"".$templates->get("member_profile_modoptions_banuser")."\";"); 2772 } 2773 2774 $purgespammer = ''; 2775 if($can_purge_spammer) 2776 { 2777 eval("\$purgespammer = \"".$templates->get('member_profile_modoptions_purgespammer')."\";"); 2778 } 2779 2780 if(!empty($editprofile) || !empty($banuser) || !empty($manageban) || !empty($purgespammer)) 2781 { 2782 eval("\$manageuser = \"".$templates->get("member_profile_modoptions_manageuser")."\";"); 2783 } 2784 2785 eval("\$modoptions = \"".$templates->get("member_profile_modoptions")."\";"); 2786 } 2787 2788 $add_remove_options = array(); 2789 $buddy_options = $ignore_options = $report_options = ''; 2790 if($mybb->user['uid'] != $memprofile['uid'] && $mybb->user['uid'] != 0) 2791 { 2792 $buddy_list = explode(',', $mybb->user['buddylist']); 2793 $ignore_list = explode(',', $mybb->user['ignorelist']); 2794 2795 if(in_array($uid, $buddy_list)) 2796 { 2797 $add_remove_options = array('url' => "usercp.php?action=do_editlists&delete={$uid}&my_post_key={$mybb->post_code}", 'class' => 'remove_buddy_button', 'lang' => $lang->remove_from_buddy_list); 2798 } 2799 else 2800 { 2801 $add_remove_options = array('url' => "usercp.php?action=do_editlists&add_username=".urlencode($memprofile['username'])."&my_post_key={$mybb->post_code}", 'class' => 'add_buddy_button', 'lang' => $lang->add_to_buddy_list); 2802 } 2803 2804 if(!in_array($uid, $ignore_list)) 2805 { 2806 eval("\$buddy_options = \"".$templates->get("member_profile_addremove")."\";"); // Add/Remove Buddy 2807 } 2808 2809 if(in_array($uid, $ignore_list)) 2810 { 2811 $add_remove_options = array('url' => "usercp.php?action=do_editlists&manage=ignored&delete={$uid}&my_post_key={$mybb->post_code}", 'class' => 'remove_ignore_button', 'lang' => $lang->remove_from_ignore_list); 2812 } 2813 else 2814 { 2815 $add_remove_options = array('url' => "usercp.php?action=do_editlists&manage=ignored&add_username=".urlencode($memprofile['username'])."&my_post_key={$mybb->post_code}", 'class' => 'add_ignore_button', 'lang' => $lang->add_to_ignore_list); 2816 } 2817 2818 if(!in_array($uid, $buddy_list)) 2819 { 2820 eval("\$ignore_options = \"".$templates->get("member_profile_addremove")."\";"); // Add/Remove Ignore 2821 } 2822 2823 if(isset($memperms['canbereported']) && $memperms['canbereported'] == 1) 2824 { 2825 $reportable = true; 2826 $query = $db->simple_select("reportedcontent", "reporters", "reportstatus != '1' AND id = '{$memprofile['uid']}' AND type = 'profile'"); 2827 if($db->num_rows($query)) 2828 { 2829 $report = $db->fetch_array($query); 2830 $report['reporters'] = my_unserialize($report['reporters']); 2831 if(is_array($report['reporters']) && in_array($mybb->user['uid'], $report['reporters'])) 2832 { 2833 $reportable = false; 2834 } 2835 } 2836 if($reportable) 2837 { 2838 $add_remove_options = array('url' => "javascript:Report.reportUser({$memprofile['uid']});", 'class' => 'report_user_button', 'lang' => $lang->report_user); 2839 eval("\$report_options = \"".$templates->get("member_profile_addremove")."\";"); // Report User 2840 } 2841 } 2842 } 2843 2844 $plugins->run_hooks("member_profile_end"); 2845 2846 eval("\$profile = \"".$templates->get("member_profile")."\";"); 2847 output_page($profile); 2848 } 2849 2850 if($mybb->input['action'] == "do_emailuser" && $mybb->request_method == "post") 2851 { 2852 // Verify incoming POST request 2853 verify_post_check($mybb->get_input('my_post_key')); 2854 2855 $plugins->run_hooks("member_do_emailuser_start"); 2856 2857 // Guests or those without permission can't email other users 2858 if($mybb->usergroup['cansendemail'] == 0) 2859 { 2860 error_no_permission(); 2861 } 2862 2863 // Check group limits 2864 if($mybb->usergroup['maxemails'] > 0) 2865 { 2866 if($mybb->user['uid'] > 0) 2867 { 2868 $user_check = "fromuid='{$mybb->user['uid']}'"; 2869 } 2870 else 2871 { 2872 $user_check = "ipaddress=".$db->escape_binary($session->packedip); 2873 } 2874 2875 $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '".(TIME_NOW - (60*60*24))."'"); 2876 $sent_count = $db->fetch_field($query, "sent_count"); 2877 if($sent_count >= $mybb->usergroup['maxemails']) 2878 { 2879 $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']); 2880 error($lang->error_max_emails_day); 2881 } 2882 } 2883 2884 // Check email flood control 2885 if($mybb->usergroup['emailfloodtime'] > 0) 2886 { 2887 if($mybb->user['uid'] > 0) 2888 { 2889 $user_check = "fromuid='{$mybb->user['uid']}'"; 2890 } 2891 else 2892 { 2893 $user_check = "ipaddress=".$db->escape_binary($session->packedip); 2894 } 2895 2896 $timecut = TIME_NOW-$mybb->usergroup['emailfloodtime']*60; 2897 2898 $query = $db->simple_select("maillogs", "mid, dateline", "{$user_check} AND dateline > '{$timecut}'", array('order_by' => "dateline", 'order_dir' => "DESC")); 2899 $last_email = $db->fetch_array($query); 2900 2901 // Users last email was within the flood time, show the error 2902 if(isset($last_email['mid'])) 2903 { 2904 $remaining_time = ($mybb->usergroup['emailfloodtime']*60)-(TIME_NOW-$last_email['dateline']); 2905 2906 if($remaining_time == 1) 2907 { 2908 $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_second, $mybb->usergroup['emailfloodtime']); 2909 } 2910 elseif($remaining_time < 60) 2911 { 2912 $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_seconds, $mybb->usergroup['emailfloodtime'], $remaining_time); 2913 } 2914 elseif($remaining_time > 60 && $remaining_time < 120) 2915 { 2916 $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_minute, $mybb->usergroup['emailfloodtime']); 2917 } 2918 else 2919 { 2920 $remaining_time_minutes = ceil($remaining_time/60); 2921 $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes); 2922 } 2923 2924 error($lang->error_emailflooding); 2925 } 2926 } 2927 2928 $query = $db->simple_select("users", "uid, username, email, hideemail", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'"); 2929 $to_user = $db->fetch_array($query); 2930 2931 if(!$to_user['username']) 2932 { 2933 error($lang->error_invalidusername); 2934 } 2935 2936 if($to_user['hideemail'] != 0) 2937 { 2938 error($lang->error_hideemail); 2939 } 2940 2941 $errors = array(); 2942 2943 if($mybb->user['uid']) 2944 { 2945 $mybb->input['fromemail'] = $mybb->user['email']; 2946 $mybb->input['fromname'] = $mybb->user['username']; 2947 } 2948 2949 if(!validate_email_format($mybb->input['fromemail'])) 2950 { 2951 $errors[] = $lang->error_invalidfromemail; 2952 } 2953 2954 if(empty($mybb->input['fromname'])) 2955 { 2956 $errors[] = $lang->error_noname; 2957 } 2958 2959 if(empty($mybb->input['subject'])) 2960 { 2961 $errors[] = $lang->error_no_email_subject; 2962 } 2963 2964 if(empty($mybb->input['message'])) 2965 { 2966 $errors[] = $lang->error_no_email_message; 2967 } 2968 2969 if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0) 2970 { 2971 require_once MYBB_ROOT.'inc/class_captcha.php'; 2972 $captcha = new captcha; 2973 2974 if($captcha->validate_captcha() == false) 2975 { 2976 // CAPTCHA validation failed 2977 foreach($captcha->get_errors() as $error) 2978 { 2979 $errors[] = $error; 2980 } 2981 } 2982 } 2983 2984 if(count($errors) == 0) 2985 { 2986 $message = $lang->sprintf($lang->email_emailuser, $to_user['username'], $mybb->input['fromname'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->get_input('message')); 2987 my_mail($to_user['email'], $mybb->get_input('subject'), $message, '', '', '', false, 'text', '', $mybb->input['fromemail']); 2988 2989 if($mybb->settings['mail_logging'] > 0) 2990 { 2991 // Log the message 2992 $log_entry = array( 2993 "subject" => $db->escape_string($mybb->get_input('subject')), 2994 "message" => $db->escape_string($mybb->get_input('message')), 2995 "dateline" => TIME_NOW, 2996 "fromuid" => $mybb->user['uid'], 2997 "fromemail" => $db->escape_string($mybb->input['fromemail']), 2998 "touid" => $to_user['uid'], 2999 "toemail" => $db->escape_string($to_user['email']), 3000 "tid" => 0, 3001 "ipaddress" => $db->escape_binary($session->packedip), 3002 "type" => 1 3003 ); 3004 $db->insert_query("maillogs", $log_entry); 3005 } 3006 3007 // Invalidate solved captcha 3008 if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0) 3009 { 3010 $captcha->invalidate_captcha(); 3011 } 3012 3013 $plugins->run_hooks("member_do_emailuser_end"); 3014 3015 redirect(get_profile_link($to_user['uid']), $lang->redirect_emailsent); 3016 } 3017 else 3018 { 3019 $mybb->input['action'] = "emailuser"; 3020 } 3021 } 3022 3023 if($mybb->input['action'] == "emailuser") 3024 { 3025 $plugins->run_hooks("member_emailuser_start"); 3026 3027 // Guests or those without permission can't email other users 3028 if($mybb->usergroup['cansendemail'] == 0) 3029 { 3030 error_no_permission(); 3031 } 3032 3033 // Check group limits 3034 if($mybb->usergroup['maxemails'] > 0) 3035 { 3036 if($mybb->user['uid'] > 0) 3037 { 3038 $user_check = "fromuid='{$mybb->user['uid']}'"; 3039 } 3040 else 3041 { 3042 $user_check = "ipaddress=".$db->escape_binary($session->packedip); 3043 } 3044 3045 $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '".(TIME_NOW - (60*60*24))."'"); 3046 $sent_count = $db->fetch_field($query, "sent_count"); 3047 if($sent_count >= $mybb->usergroup['maxemails']) 3048 { 3049 $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']); 3050 error($lang->error_max_emails_day); 3051 } 3052 } 3053 3054 // Check email flood control 3055 if($mybb->usergroup['emailfloodtime'] > 0) 3056 { 3057 if($mybb->user['uid'] > 0) 3058 { 3059 $user_check = "fromuid='{$mybb->user['uid']}'"; 3060 } 3061 else 3062 { 3063 $user_check = "ipaddress=".$db->escape_binary($session->packedip); 3064 } 3065 3066 $timecut = TIME_NOW-$mybb->usergroup['emailfloodtime']*60; 3067 3068 $query = $db->simple_select("maillogs", "mid, dateline", "{$user_check} AND dateline > '{$timecut}'", array('order_by' => "dateline", 'order_dir' => "DESC")); 3069 $last_email = $db->fetch_array($query); 3070 3071 // Users last email was within the flood time, show the error 3072 if(isset($last_email['mid'])) 3073 { 3074 $remaining_time = ($mybb->usergroup['emailfloodtime']*60)-(TIME_NOW-$last_email['dateline']); 3075 3076 if($remaining_time == 1) 3077 { 3078 $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_second, $mybb->usergroup['emailfloodtime']); 3079 } 3080 elseif($remaining_time < 60) 3081 { 3082 $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_seconds, $mybb->usergroup['emailfloodtime'], $remaining_time); 3083 } 3084 elseif($remaining_time > 60 && $remaining_time < 120) 3085 { 3086 $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_minute, $mybb->usergroup['emailfloodtime']); 3087 } 3088 else 3089 { 3090 $remaining_time_minutes = ceil($remaining_time/60); 3091 $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes); 3092 } 3093 3094 error($lang->error_emailflooding); 3095 } 3096 } 3097 3098 $query = $db->simple_select("users", "uid, username, email, hideemail, ignorelist", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'"); 3099 $to_user = $db->fetch_array($query); 3100 3101 $to_user['username'] = htmlspecialchars_uni($to_user['username']); 3102 $lang->email_user = $lang->sprintf($lang->email_user, $to_user['username']); 3103 3104 if(!$to_user['uid']) 3105 { 3106 error($lang->error_invaliduser); 3107 } 3108 3109 if($to_user['hideemail'] != 0) 3110 { 3111 error($lang->error_hideemail); 3112 } 3113 3114 if($to_user['ignorelist'] && (my_strpos(",".$to_user['ignorelist'].",", ",".$mybb->user['uid'].",") !== false && $mybb->usergroup['cansendemailoverride'] != 1)) 3115 { 3116 error_no_permission(); 3117 } 3118 3119 if(isset($errors) && count($errors) > 0) 3120 { 3121 $errors = inline_error($errors); 3122 $fromname = htmlspecialchars_uni($mybb->get_input('fromname')); 3123 $fromemail = htmlspecialchars_uni($mybb->get_input('fromemail')); 3124 $subject = htmlspecialchars_uni($mybb->get_input('subject')); 3125 $message = htmlspecialchars_uni($mybb->get_input('message')); 3126 } 3127 else 3128 { 3129 $errors = ''; 3130 $fromname = ''; 3131 $fromemail = ''; 3132 $subject = ''; 3133 $message = ''; 3134 } 3135 3136 // Generate CAPTCHA? 3137 if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0) 3138 { 3139 require_once MYBB_ROOT.'inc/class_captcha.php'; 3140 $post_captcha = new captcha(true, "post_captcha"); 3141 3142 if($post_captcha->html) 3143 { 3144 $captcha = $post_captcha->html; 3145 } 3146 } 3147 else 3148 { 3149 $captcha = ''; 3150 } 3151 3152 $from_email = ''; 3153 if($mybb->user['uid'] == 0) 3154 { 3155 eval("\$from_email = \"".$templates->get("member_emailuser_guest")."\";"); 3156 } 3157 3158 $plugins->run_hooks("member_emailuser_end"); 3159 3160 eval("\$emailuser = \"".$templates->get("member_emailuser")."\";"); 3161 output_page($emailuser); 3162 } 3163 3164 if($mybb->input['action'] == 'referrals') 3165 { 3166 $plugins->run_hooks('member_referrals_start'); 3167 3168 $uid = $mybb->get_input('uid', MyBB::INPUT_INT); 3169 if(!$uid) 3170 { 3171 error($lang->referrals_no_user_specified); 3172 } 3173 3174 $user = get_user($uid); 3175 if(!isset($user['uid'])) 3176 { 3177 error($lang->referrals_invalid_user); 3178 } 3179 3180 $lang->nav_referrals = $lang->sprintf($lang->nav_referrals, $user['username']); 3181 add_breadcrumb($lang->nav_referrals); 3182 3183 $query = $db->simple_select('users', 'COUNT(uid) AS total', "referrer='{$uid}'"); 3184 $referral_count = $db->fetch_field($query, 'total'); 3185 3186 $bg_color = 'trow1'; 3187 3188 if($referral_count == 0) 3189 { 3190 eval("\$referral_rows = \"".$templates->get('member_no_referrals')."\";"); 3191 } 3192 else 3193 { 3194 // Figure out if we need to display multiple pages. 3195 $perpage = 20; 3196 if ((int) $mybb->settings['referralsperpage']) { 3197 $perpage = (int) $mybb->settings['referralsperpage']; 3198 } 3199 3200 $page = 1; 3201 if($mybb->get_input('page', MyBB::INPUT_INT)) 3202 { 3203 $page = $mybb->get_input('page', MyBB::INPUT_INT); 3204 } 3205 3206 $pages = ceil($referral_count / $perpage); 3207 3208 if($page > $pages || $page <= 0) 3209 { 3210 $page = 1; 3211 } 3212 3213 if($page) 3214 { 3215 $start = ($page-1) * $perpage; 3216 } 3217 else 3218 { 3219 $start = 0; 3220 $page = 1; 3221 } 3222 3223 $multipage = multipage($referral_count, $perpage, $page, "member.php?action=referrals&uid={$uid}"); 3224 3225 $referral_rows = ''; 3226 foreach(get_user_referrals($uid, $start, $perpage) as $referral) 3227 { 3228 // Format user name link 3229 $username = htmlspecialchars_uni($referral['username']); 3230 $username = format_name($username, $referral['usergroup'], $referral['displaygroup']); 3231 $username = build_profile_link($username, $referral['uid']); 3232 3233 $regdate = my_date('normal', $referral['regdate']); 3234 3235 eval("\$referral_rows .= \"".$templates->get('member_referral_row')."\";"); 3236 3237 $bg_color = alt_trow(); 3238 } 3239 } 3240 3241 $plugins->run_hooks('member_referrals_end'); 3242 3243 eval("\$referrals = \"".$templates->get("member_referrals")."\";"); 3244 output_page($referrals); 3245 } 3246 3247 if(!$mybb->input['action']) 3248 { 3249 header("Location: index.php"); 3250 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| 2005 - 2021 © MyBB.de | Alle Rechte vorbehalten! | Sponsor: netcup | Cross-referenced by PHPXref |