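<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id$
 */

/*
 * Member entry point. Each top-level block below is selected by
 * $mybb->input['action'] (register, do_register, coppa_form, activate,
 * resendactivation, do_resendactivation, lostpw, do_lostpw, ...).
 *
 * Review notes that apply throughout this file:
 *  - Every eval() here executes the string returned by $templates->get() as
 *    PHP string code. Template content must therefore be trusted.
 *    NOTE(review): confirm who is able to edit templates.
 *  - Values read from $mybb->input and $mybb->cookies are client-controlled.
 */

define("IN_MYBB", 1);
define('THIS_SCRIPT', 'member.php');
define("ALLOWABLE_PAGE", "register,do_register,login,do_login,logout,lostpw,do_lostpw,activate,resendactivation,do_resendactivation,resetpassword");

$nosession['avatar'] = 1;
$templatelist = "member_register,member_register_hiddencaptcha,member_coppa_form,member_register_coppa,member_register_agreement_coppa,member_register_agreement,usercp_options_tppselect,usercp_options_pppselect,member_register_referrer,member_register_customfield,member_register_requiredfields,member_register_password,member_activate,member_resendactivation,member_lostpw";
$templatelist .= ",member_resetpassword,member_loggedin_notice,member_profile_away,member_emailuser,member_register_regimage,member_register_regimage_recaptcha,post_captcha_hidden,post_captcha,post_captcha_recaptcha";
$templatelist .= ",member_profile_email,member_profile_offline,member_profile_reputation,member_profile_warn,member_profile_warninglevel,member_profile_customfields_field,member_profile_customfields,member_profile_adminoptions,member_profile,member_login,member_profile_online,member_profile_modoptions,member_profile_signature,member_profile_groupimage,member_profile_referrals";
require_once "./global.php";

require_once MYBB_ROOT."inc/functions_post.php";
require_once MYBB_ROOT."inc/functions_user.php";
require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;

// Load global language phrases
$lang->load("member");

// Make navigation
switch($mybb->input['action'])
{
	case "register":
	case "do_register":
		add_breadcrumb($lang->nav_register);
		break;
	case "activate":
		add_breadcrumb($lang->nav_activate);
		break;
	case "resendactivation":
		add_breadcrumb($lang->nav_resendactivation);
		break;
	case "lostpw":
		add_breadcrumb($lang->nav_lostpw);
		break;
	case "resetpassword":
		add_breadcrumb($lang->nav_resetpassword);
		break;
	case "login":
		add_breadcrumb($lang->nav_login);
		break;
	case "emailuser":
		add_breadcrumb($lang->nav_emailuser);
		break;
}

// Registration gate: applies to both the form and its submission, and is skipped
// for user groups with cancp == 1.
if(($mybb->input['action'] == "register" || $mybb->input['action'] == "do_register") && $mybb->usergroup['cancp'] != 1)
{
	if($mybb->settings['disableregs'] == 1)
	{
		error($lang->registrations_disabled);
	}
	if($mybb->user['regdate'])
	{
		error($lang->error_alreadyregistered);
	}
	// Per-IP throttle: count accounts registered from this address inside the
	// configured window (betweenregstime is in hours).
	if($mybb->settings['betweenregstime'] && $mybb->settings['maxregsbetweentime'])
	{
		$time = TIME_NOW;
		$datecut = $time-(60*60*$mybb->settings['betweenregstime']);
		$query = $db->simple_select("users", "*", "regip='".$db->escape_string($session->ipaddress)."' AND regdate > '$datecut'");
		$regcount = $db->num_rows($query);
		if($regcount >= $mybb->settings['maxregsbetweentime'])
		{
			$lang->error_alreadyregisteredtime = $lang->sprintf($lang->error_alreadyregisteredtime, $regcount, $mybb->settings['betweenregstime']);
			error($lang->error_alreadyregisteredtime);
		}
	}
}

if($mybb->input['action'] == "do_register" && $mybb->request_method == "post")
{
	$plugins->run_hooks("member_do_register_start");

	// If we have hidden CAPTCHA enabled and it's filled, deny registration
	if($mybb->settings['hiddencaptchaimage'])
	{
		$string = $mybb->settings['hiddencaptchaimagefield'];

		if($mybb->input[$string] != '')
		{
			error($lang->error_spam_deny);
		}
	}

	if($mybb->settings['regtype'] == "randompass")
	{
		$mybb->input['password'] = random_str();
		$mybb->input['password2'] = $mybb->input['password'];
	}

	// Group 5 is used for accounts that still need activation; group 2 for
	// accounts that are usable immediately.
	if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->input['coppa'] == 1)
	{
		$usergroup = 5;
	}
	else
	{
		$usergroup = 2;
	}

	// Set up user handler.
	require_once MYBB_ROOT."inc/datahandlers/user.php";
	$userhandler = new UserDataHandler("insert");

	// Set the data for the new user.
	// Request values are passed through unmodified; validation is delegated to
	// $userhandler->validate_user() below.
	$user = array(
		"username" => $mybb->input['username'],
		"password" => $mybb->input['password'],
		"password2" => $mybb->input['password2'],
		"email" => $mybb->input['email'],
		"email2" => $mybb->input['email2'],
		"usergroup" => $usergroup,
		"referrer" => $mybb->input['referrername'],
		"timezone" => $mybb->input['timezoneoffset'],
		"language" => $mybb->input['language'],
		"profile_fields" => $mybb->input['profile_fields'],
		"regip" => $session->ipaddress,
		"longregip" => my_ip2long($session->ipaddress),
		"coppa_user" => intval($mybb->cookies['coppauser']),
		"regcheck1" => $mybb->input['regcheck1'],
		"regcheck2" => $mybb->input['regcheck2']
	);

	// Do we have a saved COPPA DOB?
	// NOTE(review): the cookie is client-controlled and is split without checking
	// that it has three numeric parts; presumably the user handler validates the
	// birthday - confirm.
	if($mybb->cookies['coppadob'])
	{
		list($dob_day, $dob_month, $dob_year) = explode("-", $mybb->cookies['coppadob']);
		$user['birthday'] = array(
			"day" => $dob_day,
			"month" => $dob_month,
			"year" => $dob_year
		);
	}

	$user['options'] = array(
		"allownotices" => $mybb->input['allownotices'],
		"hideemail" => $mybb->input['hideemail'],
		"subscriptionmethod" => $mybb->input['subscriptionmethod'],
		"receivepms" => $mybb->input['receivepms'],
		"pmnotice" => $mybb->input['pmnotice'],
		"emailpmnotify" => $mybb->input['emailpmnotify'],
		"invisible" => $mybb->input['invisible'],
		"dstcorrection" => $mybb->input['dstcorrection']
	);

	$userhandler->set_data($user);

	// Stays an empty string while there are no errors; is_array($errors) below
	// decides between redisplaying the form and creating the account.
	$errors = "";

	if(!$userhandler->validate_user())
	{
		$errors = $userhandler->get_friendly_errors();
	}

	if($mybb->settings['captchaimage'])
	{
		require_once MYBB_ROOT.'inc/class_captcha.php';
		$captcha = new captcha;

		if($captcha->validate_captcha() == false)
		{
			// CAPTCHA validation failed
			// Make sure $errors is an array before appending: "[]" on a string
			// is a fatal error on newer PHP versions, and a failed CAPTCHA must
			// never fall through to account creation.
			if(!is_array($errors))
			{
				$errors = array();
			}
			foreach($captcha->get_errors() as $error)
			{
				$errors[] = $error;
			}
		}
	}

	if(is_array($errors))
	{
		// Escape the submitted values before they are echoed back into the form.
		$username = htmlspecialchars_uni($mybb->input['username']);
		$email = htmlspecialchars_uni($mybb->input['email']);
		// Repopulate the confirmation box from its own field, not from 'email'.
		$email2 = htmlspecialchars_uni($mybb->input['email2']);
		$referrername = htmlspecialchars_uni($mybb->input['referrername']);

		if($mybb->input['allownotices'] == 1)
		{
			$allownoticescheck = "checked=\"checked\"";
		}

		if($mybb->input['hideemail'] == 1)
		{
			$hideemailcheck = "checked=\"checked\"";
		}

		if($mybb->input['subscriptionmethod'] == 1)
		{
			$no_email_subscribe_selected = "selected=\"selected\"";
		}
		else if($mybb->input['subscriptionmethod'] == 2)
		{
			$instant_email_subscribe_selected = "selected=\"selected\"";
		}
		else
		{
			$no_subscribe_selected = "selected=\"selected\"";
		}

		if($mybb->input['receivepms'] == 1)
		{
			$receivepmscheck = "checked=\"checked\"";
		}

		if($mybb->input['pmnotice'] == 1)
		{
			$pmnoticecheck = " checked=\"checked\"";
		}

		if($mybb->input['emailpmnotify'] == 1)
		{
			$emailpmnotifycheck = "checked=\"checked\"";
		}

		if($mybb->input['invisible'] == 1)
		{
			$invisiblecheck = "checked=\"checked\"";
		}

		if($mybb->input['dstcorrection'] == 2)
		{
			$dst_auto_selected = "selected=\"selected\"";
		}
		else if($mybb->input['dstcorrection'] == 1)
		{
			$dst_enabled_selected = "selected=\"selected\"";
		}
		else
		{
			$dst_disabled_selected = "selected=\"selected\"";
		}

		$regerrors = inline_error($errors);
		// Fall through to the "register" block below so the form is shown again.
		$mybb->input['action'] = "register";
		$fromreg = 1;
	}
	else
	{
		$user_info = $userhandler->insert_user();

		// Invalidate solved captcha
		if($mybb->settings['captchaimage'])
		{
			$captcha->invalidate_captcha();
		}

		if($mybb->settings['regtype'] != "randompass" && !$mybb->cookies['coppauser'])
		{
			// Log them in
			my_setcookie("mybbuser", $user_info['uid']."_".$user_info['loginkey'], null, true);
		}

		if($mybb->cookies['coppauser'])
		{
			$lang->redirect_registered_coppa_activate = $lang->sprintf($lang->redirect_registered_coppa_activate, $mybb->settings['bbname'], $user_info['username']);
			my_unsetcookie("coppauser");
			my_unsetcookie("coppadob");
			$plugins->run_hooks("member_do_register_end");
			error($lang->redirect_registered_coppa_activate);
		}
		else if($mybb->settings['regtype'] == "verify")
		{
			// NOTE(review): the strength of the activation code depends entirely on
			// random_str(), which is defined elsewhere - confirm it draws from a
			// cryptographically secure source.
			$activationcode = random_str();
			$now = TIME_NOW;
			$activationarray = array(
				"uid" => $user_info['uid'],
				"dateline" => TIME_NOW,
				"code" => $activationcode,
				"type" => "r"
			);
			$db->insert_query("awaitingactivation", $activationarray);
			$emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
			switch($mybb->settings['username_method'])
			{
				case 0:
					$emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
					break;
				case 1:
					$emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
					break;
				case 2:
					$emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
					break;
				default:
					$emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
					break;
			}
			my_mail($user_info['email'], $emailsubject, $emailmessage);

			$lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], $user_info['username']);

			$plugins->run_hooks("member_do_register_end");

			error($lang->redirect_registered_activation);
		}
		else if($mybb->settings['regtype'] == "randompass")
		{
			// NOTE(review): the generated password is sent in the body of the e-mail
			// in clear text; nothing visible here forces the user to change it.
			$emailsubject = $lang->sprintf($lang->emailsubject_randompassword, $mybb->settings['bbname']);
			switch($mybb->settings['username_method'])
			{
				case 0:
					$emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $user_info['password']);
					break;
				case 1:
					$emailmessage = $lang->sprintf($lang->email_randompassword1, $user['username'], $mybb->settings['bbname'], $user_info['username'], $user_info['password']);
					break;
				case 2:
					$emailmessage = $lang->sprintf($lang->email_randompassword2, $user['username'], $mybb->settings['bbname'], $user_info['username'], $user_info['password']);
					break;
				default:
					$emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $user_info['password']);
					break;
			}
			my_mail($user_info['email'], $emailsubject, $emailmessage);

			$plugins->run_hooks("member_do_register_end");

			error($lang->redirect_registered_passwordsent);
		}
		else if($mybb->settings['regtype'] == "admin")
		{
			$lang->redirect_registered_admin_activate = $lang->sprintf($lang->redirect_registered_admin_activate, $mybb->settings['bbname'], $user_info['username']);

			$plugins->run_hooks("member_do_register_end");

			error($lang->redirect_registered_admin_activate);
		}
		else
		{
			$lang->redirect_registered = $lang->sprintf($lang->redirect_registered, $mybb->settings['bbname'], $user_info['username']);

			$plugins->run_hooks("member_do_register_end");

			redirect("index.php", $lang->redirect_registered);
		}
	}
}

if($mybb->input['action'] == "coppa_form")
{
	if(!$mybb->settings['faxno'])
	{
		$mybb->settings['faxno'] = " ";
	}

	eval("\$coppa_form = \"".$templates->get("member_coppa_form")."\";");
	output_page($coppa_form);
}

if($mybb->input['action'] == "register")
{
	$bdaysel = '';
	if($mybb->settings['coppa'] == "disabled")
	{
		$bdaysel = $bday2blank = "<option value=\"\"> </option>";
	}
	for($i = 1; $i <= 31; ++$i)
	{
		if($mybb->input['bday1'] == $i)
		{
			$bdaysel .= "<option value=\"$i\" selected=\"selected\">$i</option>\n";
		}
		else
		{
			$bdaysel .= "<option value=\"$i\">$i</option>\n";
		}
	}

	$bdaymonthsel[$mybb->input['bday2']] = "selected=\"selected\"";
	$mybb->input['bday3'] = intval($mybb->input['bday3']);

	if($mybb->input['bday3'] == 0) $mybb->input['bday3'] = "";

	// Is COPPA checking enabled?
	// NOTE(review): the COPPA state is carried in the client-held cookies
	// "coppauser" and "coppadob", so it is only as reliable as the browser that
	// returns them; the checks here are advisory rather than enforced server-side.
	if($mybb->settings['coppa'] != "disabled" && !$mybb->input['step'])
	{
		// Just selected DOB, we check
		if($mybb->input['bday1'] && $mybb->input['bday2'] && $mybb->input['bday3'])
		{
			my_unsetcookie("coppauser");

			$mybb->input['bday1'] = intval($mybb->input['bday1']);
			$mybb->input['bday2'] = intval($mybb->input['bday2']);
			$mybb->input['bday3'] = intval($mybb->input['bday3']);
			$months = get_bdays($mybb->input['bday3']);
			if($mybb->input['bday2'] < 1 || $mybb->input['bday2'] > 12 || $mybb->input['bday3'] < (date("Y")-100) || $mybb->input['bday3'] > date("Y") || $mybb->input['bday1'] > $months[$mybb->input['bday2']-1])
			{
				error($lang->error_invalid_birthday);
			}

			$bdaytime = @mktime(0, 0, 0, $mybb->input['bday2'], $mybb->input['bday1'], $mybb->input['bday3']);

			// Store DOB in cookie so we can save it with the registration
			my_setcookie("coppadob", "{$mybb->input['bday1']}-{$mybb->input['bday2']}-{$mybb->input['bday3']}", -1);

			// User is <= 13, we mark as a coppa user
			if($bdaytime >= mktime(0, 0, 0, my_date('n'), my_date('d'), my_date('Y')-13))
			{
				// NOTE(review): "-0" evaluates to 0; the intended cookie lifetime
				// depends on my_setcookie() - confirm.
				my_setcookie("coppauser", 1, -0);
				$under_thirteen = true;
			}
			// Clearing the method makes the agreement page below be shown next.
			$mybb->request_method = "";
		}
		// Show DOB select form
		else
		{
			$plugins->run_hooks("member_register_coppa");

			my_unsetcookie("coppauser");

			eval("\$coppa = \"".$templates->get("member_register_coppa")."\";");
			output_page($coppa);
			exit;
		}
	}

	if((!isset($mybb->input['agree']) && !isset($mybb->input['regsubmit'])) || $mybb->request_method != "post")
	{
		// Is this user a COPPA user? We need to show the COPPA agreement too
		if($mybb->settings['coppa'] != "disabled" && ($mybb->cookies['coppauser'] == 1 || $under_thirteen))
		{
			if($mybb->settings['coppa'] == "deny")
			{
				error($lang->error_need_to_be_thirteen);
			}
			$lang->coppa_agreement_1 = $lang->sprintf($lang->coppa_agreement_1, $mybb->settings['bbname']);
			eval("\$coppa_agreement = \"".$templates->get("member_register_agreement_coppa")."\";");
		}

		$plugins->run_hooks("member_register_agreement");

		eval("\$agreement = \"".$templates->get("member_register_agreement")."\";");
		output_page($agreement);
	}
	else
	{
		$plugins->run_hooks("member_register_start");

		// Accumulates the JavaScript validator registrations for the form.
		$validator_extra = '';

		if(isset($mybb->input['timezoneoffset']))
		{
			$timezoneoffset = $mybb->input['timezoneoffset'];
		}
		else
		{
			$timezoneoffset = $mybb->settings['timezoneoffset'];
		}
		$tzselect = build_timezone_select("timezoneoffset", $timezoneoffset, true);

		$stylelist = build_theme_select("style");

		if($mybb->settings['usertppoptions'])
		{
			$tppoptions = '';
			$explodedtpp = explode(",", $mybb->settings['usertppoptions']);
			if(is_array($explodedtpp))
			{
				foreach($explodedtpp as $val)
				{
					$val = trim($val);
					$tppoptions .= "<option value=\"$val\">".$lang->sprintf($lang->tpp_option, $val)."</option>\n";
				}
			}
			eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";");
		}
		if($mybb->settings['userpppoptions'])
		{
			$pppoptions = '';
			$explodedppp = explode(",", $mybb->settings['userpppoptions']);
			if(is_array($explodedppp))
			{
				foreach($explodedppp as $val)
				{
					$val = trim($val);
					$pppoptions .= "<option value=\"$val\">".$lang->sprintf($lang->ppp_option, $val)."</option>\n";
				}
			}
			eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
		}
		if($mybb->settings['usereferrals'] == 1 && !$mybb->user['uid'])
		{
			if($mybb->cookies['mybb']['referrer'])
			{
				$query = $db->simple_select("users", "uid,username", "uid='".$db->escape_string($mybb->cookies['mybb']['referrer'])."'");
				$ref = $db->fetch_array($query);
				$referrername = $ref['username'];
			}
			elseif($referrer)
			{
				$query = $db->simple_select("users", "username", "uid='".intval($referrer['uid'])."'");
				$ref = $db->fetch_array($query);
				$referrername = $ref['username'];
			}
			elseif($referrername)
			{
				$query = $db->simple_select("users", "uid", "LOWER(username)='".$db->escape_string(my_strtolower($referrername))."'");
				$ref = $db->fetch_array($query);
				if(!$ref['uid'])
				{
					$errors[] = $lang->error_badreferrer;
				}
			}
			if($quickreg)
			{
				$refbg = "trow1";
			}
			else
			{
				$refbg = "trow2";
			}
			// JS validator extra
			$validator_extra .= "\tregValidator.register('referrer', 'ajax', {url:'xmlhttp.php?action=username_exists', loading_message:'{$lang->js_validator_checking_referrer}'});\n";

			eval("\$referrer = \"".$templates->get("member_register_referrer")."\";");
		}
		else
		{
			$referrer = '';
		}
		// Custom profile fields baby!
		$altbg = "trow1";
		$query = $db->simple_select("profilefields", "*", "required=1", array('order_by' => 'disporder'));
		while($profilefield = $db->fetch_array($query))
		{
			// The field definition is HTML-escaped once here, so the option values
			// derived from it below are already escaped when written into markup.
			$profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
			// First line of the definition is the field type, the rest its options.
			$thing = explode("\n", $profilefield['type'], "2");
			$type = trim($thing[0]);
			$options = $thing[1];
			$select = '';
			$field = "fid{$profilefield['fid']}";
			// Only repopulate from the request when the form is being redisplayed.
			if($errors)
			{
				$userfield = $mybb->input['profile_fields'][$field];
			}
			else
			{
				$userfield = '';
			}
			if($type == "multiselect")
			{
				if($errors)
				{
					$useropts = $userfield;
				}
				else
				{
					$useropts = explode("\n", $userfield);
				}
				if(is_array($useropts))
				{
					foreach($useropts as $key => $val)
					{
						$seloptions[$val] = $val;
					}
				}
				$expoptions = explode("\n", $options);
				if(is_array($expoptions))
				{
					foreach($expoptions as $key => $val)
					{
						$val = trim($val);
						$val = str_replace("\n", "\\n", $val);

						$sel = "";
						if($val == $seloptions[$val])
						{
							$sel = "selected=\"selected\"";
						}
						$select .= "<option value=\"$val\" $sel>$val</option>\n";
					}
					if(!$profilefield['length'])
					{
						$profilefield['length'] = 3;
					}
					$code = "<select name=\"profile_fields[$field][]\" id=\"{$field}\" size=\"{$profilefield['length']}\" multiple=\"multiple\">$select</select>";
				}
			}
			elseif($type == "select")
			{
				$expoptions = explode("\n", $options);
				if(is_array($expoptions))
				{
					foreach($expoptions as $key => $val)
					{
						$val = trim($val);
						$val = str_replace("\n", "\\n", $val);
						$sel = "";
						if($val == $userfield)
						{
							$sel = "selected=\"selected\"";
						}
						$select .= "<option value=\"$val\" $sel>$val</option>";
					}
					if(!$profilefield['length'])
					{
						$profilefield['length'] = 1;
					}
					$code = "<select name=\"profile_fields[$field]\" id=\"{$field}\" size=\"{$profilefield['length']}\">$select</select>";
				}
			}
			elseif($type == "radio")
			{
				$expoptions = explode("\n", $options);
				if(is_array($expoptions))
				{
					foreach($expoptions as $key => $val)
					{
						$checked = "";
						if($val == $userfield)
						{
							$checked = "checked=\"checked\"";
						}
						$code .= "<input type=\"radio\" class=\"radio\" name=\"profile_fields[$field]\" id=\"{$field}{$key}\" value=\"$val\" $checked /> <span class=\"smalltext\">$val</span><br />";
					}
				}
			}
			elseif($type == "checkbox")
			{
				if($errors)
				{
					$useropts = $userfield;
				}
				else
				{
					$useropts = explode("\n", $userfield);
				}
				if(is_array($useropts))
				{
					foreach($useropts as $key => $val)
					{
						$seloptions[$val] = $val;
					}
				}
				$expoptions = explode("\n", $options);
				if(is_array($expoptions))
				{
					foreach($expoptions as $key => $val)
					{
						$checked = "";
						if($val == $seloptions[$val])
						{
							$checked = "checked=\"checked\"";
						}
						$code .= "<input type=\"checkbox\" class=\"checkbox\" name=\"profile_fields[$field][]\" id=\"{$field}{$key}\" value=\"$val\" $checked /> <span class=\"smalltext\">$val</span><br />";
					}
				}
			}
			elseif($type == "textarea")
			{
				// Free-text values come straight from the request, so escape them.
				$value = htmlspecialchars_uni($userfield);
				$code = "<textarea name=\"profile_fields[$field]\" id=\"{$field}\" rows=\"6\" cols=\"30\" style=\"width: 95%\">$value</textarea>";
			}
			else
			{
				$value = htmlspecialchars_uni($userfield);
				$maxlength = "";
				if($profilefield['maxlength'] > 0)
				{
					$maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
				}
				$code = "<input type=\"text\" name=\"profile_fields[$field]\" id=\"{$field}\" class=\"textbox\" size=\"{$profilefield['length']}\"{$maxlength} value=\"$value\" />";
			}
			if($profilefield['required'] == 1)
			{
				// JS validator extra
				if($type == "checkbox" || $type == "radio")
				{
					$id = "{$field}0";
				}
				else
				{
					$id = "fid{$profilefield['fid']}";
				}
				$validator_extra .= "\tregValidator.register('{$id}', 'notEmpty', {failure_message:'{$lang->js_validator_not_empty}'});\n";

				eval("\$requiredfields .= \"".$templates->get("member_register_customfield")."\";");
			}
			// Reset the per-field scratch variables before the next iteration.
			$code = '';
			$select = '';
			$val = '';
			$options = '';
			$expoptions = '';
			$useropts = '';
			$seloptions = '';
		}
		if($requiredfields)
		{
			eval("\$requiredfields = \"".$templates->get("member_register_requiredfields")."\";");
		}
		// Defaults for a fresh form (not a redisplay after a failed submission).
		if(!$fromreg)
		{
			$allownoticescheck = "checked=\"checked\"";
			$hideemailcheck = '';
			$emailnotifycheck = '';
			$receivepmscheck = "checked=\"checked\"";
			$pmnoticecheck = " checked=\"checked\"";
			$emailpmnotifycheck = '';
			$invisiblecheck = '';
			if($mybb->settings['dstcorrection'] == 1)
			{
				$enabledstcheck = "checked=\"checked\"";
			}

		}
		// Spambot registration image thingy
		if($mybb->settings['captchaimage'])
		{
			require_once MYBB_ROOT.'inc/class_captcha.php';
			$captcha = new captcha(true, "member_register_regimage");

			if($captcha->html)
			{
				$regimage = $captcha->html;

				if($mybb->settings['captchaimage'] == 1)
				{
					// JS validator extra for our default CAPTCHA
					$validator_extra .= "\tregValidator.register('imagestring', 'ajax', { url: 'xmlhttp.php?action=validate_captcha', extra_body: 'imagehash', loading_message: '{$lang->js_validator_captcha_valid}', failure_message: '{$lang->js_validator_no_image_text}'} );\n";
				}
			}
		}
		// Hidden CAPTCHA for Spambots
		if($mybb->settings['hiddencaptchaimage'])
		{
			$captcha_field = $mybb->settings['hiddencaptchaimagefield'];

			eval("\$hiddencaptcha = \"".$templates->get("member_register_hiddencaptcha")."\";");
		}
		if($mybb->settings['regtype'] != "randompass")
		{
			// JS validator extra
			// These client-side checks are a convenience only; the submitted data
			// is validated again by the user handler in do_register.
			$lang->js_validator_password_length = $lang->sprintf($lang->js_validator_password_length, $mybb->settings['minpasswordlength']);
			$validator_extra .= "\tregValidator.register('password', 'length', {match_field:'password2', min: {$mybb->settings['minpasswordlength']}, failure_message:'{$lang->js_validator_password_length}'});\n";

			// See if the board has "require complex passwords" enabled.
			if($mybb->settings['requirecomplexpasswords'] == 1)
			{
				$lang->password = $lang->complex_password = $lang->sprintf($lang->complex_password, $mybb->settings['minpasswordlength']);
				$validator_extra .= "\tregValidator.register('password', 'ajax', {url:'xmlhttp.php?action=complex_password', loading_message:'{$lang->js_validator_password_complexity}'});\n";
			}
			$validator_extra .= "\tregValidator.register('password2', 'matches', {match_field:'password', status_field:'password_status', failure_message:'{$lang->js_validator_password_matches}'});\n";

			eval("\$passboxes = \"".$templates->get("member_register_password")."\";");
		}

		// JS validator extra
		if($mybb->settings['maxnamelength'] > 0 && $mybb->settings['minnamelength'] > 0)
		{
			$lang->js_validator_username_length = $lang->sprintf($lang->js_validator_username_length, $mybb->settings['minnamelength'], $mybb->settings['maxnamelength']);
			$validator_extra .= "\tregValidator.register('username', 'length', {min: {$mybb->settings['minnamelength']}, max: {$mybb->settings['maxnamelength']}, failure_message:'{$lang->js_validator_username_length}'});\n";
		}

		$languages = $lang->get_languages();
		$langoptions = '';
		foreach($languages as $lname => $language)
		{
			$language = htmlspecialchars_uni($language);
			if($user['language'] == $lname)
			{
				$langoptions .= "<option value=\"$lname\" selected=\"selected\">$language</option>\n";
			}
			else
			{
				$langoptions .= "<option value=\"$lname\">$language</option>\n";
			}
		}

		$plugins->run_hooks("member_register_end");

		eval("\$registration = \"".$templates->get("member_register")."\";");
		output_page($registration);
	}
}

if($mybb->input['action'] == "activate")
{
	$plugins->run_hooks("member_activate_start");

	if($mybb->input['username'])
	{
		// Use the same "username_method" setting as every other lookup in this
		// file; the original switched on a differently named setting here, so the
		// e-mail based lookups were presumably never selected.
		switch($mybb->settings['username_method'])
		{
			case 0:
				$query = $db->simple_select("users", "*", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['username']))."'", array('limit' => 1));
				break;
			case 1:
				$query = $db->simple_select("users", "*", "LOWER(email)='".$db->escape_string(my_strtolower($mybb->input['username']))."'", array('limit' => 1));
				break;
			case 2:
				$query = $db->simple_select("users", "*", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['username']))."' OR LOWER(email)='".$db->escape_string(my_strtolower($mybb->input['username']))."'", array('limit' => 1));
				break;
			default:
				$query = $db->simple_select("users", "*", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['username']))."'", array('limit' => 1));
				break;
		}
		$user = $db->fetch_array($query);
		if(!$user['username'])
		{
			switch($mybb->settings['username_method'])
			{
				case 0:
					error($lang->error_invalidpworusername);
					break;
				case 1:
					error($lang->error_invalidpworusername1);
					break;
				case 2:
					error($lang->error_invalidpworusername2);
					break;
				default:
					error($lang->error_invalidpworusername);
					break;
			}
		}
		$uid = $user['uid'];
	}
	else
	{
		$query = $db->simple_select("users", "*", "uid='".intval($mybb->input['uid'])."'");
		$user = $db->fetch_array($query);
	}
	if($mybb->input['code'] && $user['uid'])
	{
		$mybb->settings['awaitingusergroup'] = "5";
		// 'r' = registration activation, 'e' = e-mail change (new address in 'misc').
		$query = $db->simple_select("awaitingactivation", "*", "uid='".$user['uid']."' AND (type='r' OR type='e')");
		$activation = $db->fetch_array($query);
		if(!$activation['uid'])
		{
			error($lang->error_alreadyactivated);
		}
		// Strict string comparison: with a loose "!=" PHP compares numeric-looking
		// strings by value, so two different codes could be treated as equal.
		// NOTE(review): a constant-time comparison is preferable where the runtime
		// provides one, and no expiry check against 'dateline' or attempt limit is
		// visible in this block.
		if((string)$activation['code'] !== (string)$mybb->input['code'])
		{
			error($lang->error_badactivationcode);
		}
		$db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND (type='r' OR type='e')");
		if($user['usergroup'] == 5 && $activation['type'] != "e")
		{
			$db->update_query("users", array("usergroup" => 2), "uid='".$user['uid']."'");
		}
		if($activation['type'] == "e")
		{
			$newemail = array(
				"email" => $db->escape_string($activation['misc']),
			);
			$db->update_query("users", $newemail, "uid='".$user['uid']."'");
			$plugins->run_hooks("member_activate_emailupdated");

			redirect("usercp.php", $lang->redirect_emailupdated);
		}
		else
		{
			$plugins->run_hooks("member_activate_accountactivated");

			redirect("index.php", $lang->redirect_accountactivated);
		}
	}
	else
	{
		$plugins->run_hooks("member_activate_form");

		eval("\$activate = \"".$templates->get("member_activate")."\";");
		output_page($activate);
	}
}

if($mybb->input['action'] == "resendactivation")
{
	$plugins->run_hooks("member_resendactivation");

	if($mybb->settings['regtype'] == "admin")
	{
		error($lang->error_activated_by_admin);
	}
	if($mybb->user['uid'] && $mybb->user['usergroup'] != 5)
	{
		error($lang->error_alreadyactivated);
	}

	eval("\$activate = \"".$templates->get("member_resendactivation")."\";");
	output_page($activate);
}

if($mybb->input['action'] == "do_resendactivation" && $mybb->request_method == "post")
{
	$plugins->run_hooks("member_do_resendactivation_start");

	if($mybb->settings['regtype'] == "admin")
	{
		error($lang->error_activated_by_admin);
	}

	$query = $db->query("
		SELECT u.uid, u.username, u.usergroup, u.email, a.code
		FROM ".TABLE_PREFIX."users u
		LEFT JOIN ".TABLE_PREFIX."awaitingactivation a ON (a.uid=u.uid AND a.type='r')
		WHERE u.email='".$db->escape_string($mybb->input['email'])."'
	");
	$numusers = $db->num_rows($query);
	// NOTE(review): the response differs for unknown addresses, which discloses
	// whether an e-mail address is registered; no rate limit is visible here.
	if($numusers < 1)
	{
		error($lang->error_invalidemail);
	}
	else
	{
		while($user = $db->fetch_array($query))
		{
			// Only accounts still awaiting activation (group 5) get a mail.
			if($user['usergroup'] == 5)
			{
				// Reuse the pending code if there is one, otherwise issue a new one.
				if(!$user['code'])
				{
					$user['code'] = random_str();
					$now = TIME_NOW;
					$uid = $user['uid'];
					$awaitingarray = array(
						"uid" => $uid,
						"dateline" => TIME_NOW,
						"code" => $user['code'],
						"type" => "r"
					);
					$db->insert_query("awaitingactivation", $awaitingarray);
				}
				$username = $user['username'];
				$email = $user['email'];
				$activationcode = $user['code'];
				$emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
				switch($mybb->settings['username_method'])
				{
					case 0:
						$emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
						break;
					case 1:
						$emailmessage = $lang->sprintf($lang->email_activateaccount1, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
						break;
					case 2:
						$emailmessage = $lang->sprintf($lang->email_activateaccount2, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
						break;
					default:
						$emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
						break;
				}
				my_mail($email, $emailsubject, $emailmessage);
			}
		}
		$plugins->run_hooks("member_do_resendactivation_end");

		redirect("index.php", $lang->redirect_activationresent);
	}
}

if($mybb->input['action'] == "lostpw")
{
	$plugins->run_hooks("member_lostpw");

	eval("\$lostpw = \"".$templates->get("member_lostpw")."\";");
	output_page($lostpw);
}

if($mybb->input['action'] == "do_lostpw" && $mybb->request_method == "post")
{
	$plugins->run_hooks("member_do_lostpw_start");

	// The original escaped an undefined $email here; the value was never used
	// (the query escapes the request value itself), so the statement is dropped.
	$query = $db->simple_select("users", "*", "email='".$db->escape_string($mybb->input['email'])."'");
	$numusers = $db->num_rows($query);
	// NOTE(review): the response differs for unknown addresses, which discloses
	// whether an e-mail address is registered; no rate limit is visible here.
	if($numusers < 1)
	{
		error($lang->error_invalidemail);
	}
	else
	{
		while($user = $db->fetch_array($query))
		{
			// Replace any earlier pending reset ('p') with a fresh code.
			$db->delete_query("awaitingactivation", "uid='{$user['uid']}' AND type='p'");
			$user['activationcode'] = random_str();
			$now = TIME_NOW;
			$uid = $user['uid'];
			$awaitingarray = array(
				"uid" => $user['uid'],
				"dateline" => TIME_NOW,
				"code" => $user['activationcode'],
				"type" => "p"
			);
			$db->insert_query("awaitingactivation", $awaitingarray);
			$username = $user['username'];
			$email = $user['email'];
			$activationcode = $user['activationcode'];
			$emailsubject = $lang->sprintf($lang->emailsubject_lostpw, $mybb->settings['bbname']);
			switch($mybb->settings['username_method'])
			{
				case 0:
					$emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
					break;
				case 1:
					$emailmessage = $lang->sprintf($lang->email_lostpw1, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
					break;
				case 2:
					$emailmessage = $lang->sprintf($lang->email_lostpw2, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
					break;
				default:
					$emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
					break;
			}
			my_mail($email, $emailsubject, $emailmessage);
		}
	}
	$plugins->run_hooks("member_do_lostpw_end");

	redirect("index.php", $lang->redirect_lostpwsent);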
1020 } 1021 1022 if($mybb->input['action'] == "resetpassword") 1023 { 1024 $plugins->run_hooks("member_resetpassword_start"); 1025 1026 if($mybb->input['username']) 1027 { 1028 switch($mybb->settings['username_method']) 1029 { 1030 case 0: 1031 $query = $db->simple_select("users", "*", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['username']))."'"); 1032 break; 1033 case 1: 1034 $query = $db->simple_select("users", "*", "LOWER(email)='".$db->escape_string(my_strtolower($mybb->input['username']))."'"); 1035 break; 1036 case 2: 1037 $query = $db->simple_select("users", "*", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['username']))."' OR LOWER(email)='".$db->escape_string(my_strtolower($mybb->input['username']))."'"); 1038 break; 1039 default: 1040 $query = $db->simple_select("users", "*", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['username']))."'"); 1041 break; 1042 } 1043 $user = $db->fetch_array($query); 1044 if(!$user['uid']) 1045 { 1046 switch($mybb->settings['username_method']) 1047 { 1048 case 0: 1049 error($lang->error_invalidpworusername); 1050 break; 1051 case 1: 1052 error($lang->error_invalidpworusername1); 1053 break; 1054 case 2: 1055 error($lang->error_invalidpworusername2); 1056 break; 1057 default: 1058 error($lang->error_invalidpworusername); 1059 break; 1060 } 1061 } 1062 } 1063 else 1064 { 1065 $query = $db->simple_select("users", "*", "uid='".intval($mybb->input['uid'])."'"); 1066 $user = $db->fetch_array($query); 1067 } 1068 if($mybb->input['code'] && $user['uid']) 1069 { 1070 $query = $db->simple_select("awaitingactivation", "*", "uid='".$user['uid']."' AND type='p'"); 1071 $activation = $db->fetch_array($query); 1072 $now = TIME_NOW; 1073 if($activation['code'] != $mybb->input['code']) 1074 { 1075 error($lang->error_badlostpwcode); 1076 } 1077 $db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND type='p'"); 1078 $username = $user['username']; 1079 1080 // Generate 
a new password, then update it 1081 $password_length = intval($mybb->settings['minpasswordlength']); 1082 1083 if($password_length < 8) 1084 { 1085 $password_length = 8; 1086 } 1087 1088 $password = random_str($password_length); 1089 $logindetails = update_password($user['uid'], md5($password), $user['salt']); 1090 1091 $email = $user['email']; 1092 1093 $plugins->run_hooks("member_resetpassword_process"); 1094 1095 $emailsubject = $lang->sprintf($lang->emailsubject_passwordreset, $mybb->settings['bbname']); 1096 $emailmessage = $lang->sprintf($lang->email_passwordreset, $username, $mybb->settings['bbname'], $password); 1097 my_mail($email, $emailsubject, $emailmessage); 1098 1099 $plugins->run_hooks("member_resetpassword_reset"); 1100 1101 error($lang->redirect_passwordreset); 1102 } 1103 else 1104 { 1105 $plugins->run_hooks("member_resetpassword_form"); 1106 1107 switch($mybb->settings['username_method']) 1108 { 1109 case 0: 1110 $lang_username = $lang->username; 1111 break; 1112 case 1: 1113 $lang_username = $lang->username1; 1114 break; 1115 case 2: 1116 $lang_username = $lang->username2; 1117 break; 1118 default: 1119 $lang_username = $lang->username; 1120 break; 1121 } 1122 1123 eval("\$activate = \"".$templates->get("member_resetpassword")."\";"); 1124 output_page($activate); 1125 } 1126 } 1127 1128 $correct = false; 1129 $inline_errors = ''; 1130 if($mybb->input['action'] == "do_login" && $mybb->request_method == "post") 1131 { 1132 $plugins->run_hooks("member_do_login_start"); 1133 1134 // Checks to make sure the user can login; they haven't had too many tries at logging in. 
1135 // Is a fatal call if user has had too many tries 1136 $logins = login_attempt_check(); 1137 $login_text = ''; 1138 1139 // Did we come from the quick login form 1140 if($mybb->input['quick_login'] == "1" && $mybb->input['quick_password'] && $mybb->input['quick_username']) 1141 { 1142 $mybb->input['password'] = $mybb->input['quick_password']; 1143 $mybb->input['username'] = $mybb->input['quick_username']; 1144 $mybb->input['remember'] = $mybb->input['quick_remember']; 1145 } 1146 1147 if(!username_exists($mybb->input['username'])) 1148 { 1149 my_setcookie('loginattempts', $logins + 1); 1150 switch($mybb->settings['username_method']) 1151 { 1152 case 0: 1153 error($lang->error_invalidpworusername.$login_text); 1154 break; 1155 case 1: 1156 error($lang->error_invalidpworusername1.$login_text); 1157 break; 1158 case 2: 1159 error($lang->error_invalidpworusername2.$login_text); 1160 break; 1161 default: 1162 error($lang->error_invalidpworusername.$login_text); 1163 break; 1164 } 1165 } 1166 1167 $query = $db->simple_select("users", "loginattempts", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['username']))."' OR LOWER(email)='".$db->escape_string(my_strtolower($mybb->input['username']))."'", array('limit' => 1)); 1168 $loginattempts = $db->fetch_field($query, "loginattempts"); 1169 1170 $errors = array(); 1171 1172 $login_captcha = false; 1173 if($mybb->settings['failedcaptchalogincount'] > 0 && ($loginattempts > $mybb->settings['failedcaptchalogincount'] || intval($mybb->cookies['loginattempts']) > $mybb->settings['failedcaptchalogincount'])) 1174 { 1175 // Show captcha image if enabled 1176 if($mybb->settings['captchaimage']) 1177 { 1178 $do_captcha = false; 1179 1180 // Check their current captcha input - if correct, hide the captcha input area 1181 require_once MYBB_ROOT.'inc/class_captcha.php'; 1182 $login_captcha = new captcha; 1183 1184 if($login_captcha->validate_captcha() == false) 1185 { 1186 $correct = true; 1187 $do_captcha = true; 
1188 1189 // CAPTCHA validation failed 1190 foreach($login_captcha->get_errors() as $error) 1191 { 1192 $errors[] = $error; 1193 } 1194 } 1195 } 1196 } 1197 1198 // Don't check password when captcha isn't solved 1199 if(empty($errors)) 1200 { 1201 $user = validate_password_from_username($mybb->input['username'], $mybb->input['password']); 1202 if(!$user['uid']) 1203 { 1204 my_setcookie('loginattempts', $logins + 1); 1205 $db->update_query("users", array('loginattempts' => 'loginattempts+1'), "LOWER(username) = '".$db->escape_string(my_strtolower($mybb->input['username']))."'", 1, true); 1206 1207 $mybb->input['action'] = "login"; 1208 $mybb->input['request_method'] = "get"; 1209 1210 if($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1) 1211 { 1212 $login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins); 1213 } 1214 1215 switch($mybb->settings['username_method']) 1216 { 1217 case 0: 1218 $errors[] = $lang->error_invalidpworusername.$login_text; 1219 break; 1220 case 1: 1221 $errors[] = $lang->error_invalidpworusername1.$login_text; 1222 break; 1223 case 2: 1224 $errors[] = $lang->error_invalidpworusername2.$login_text; 1225 break; 1226 default: 1227 $errors[] = $lang->error_invalidpworusername.$login_text; 1228 break; 1229 } 1230 } 1231 else 1232 { 1233 $correct = true; 1234 } 1235 } 1236 1237 if(!empty($errors)) 1238 { 1239 $mybb->input['action'] = "login"; 1240 $mybb->input['request_method'] = "get"; 1241 1242 $inline_errors = inline_error($errors); 1243 } 1244 else if($correct) 1245 { 1246 if($user['coppauser']) 1247 { 1248 error($lang->error_awaitingcoppa); 1249 } 1250 1251 // Invalidate captcha 1252 if($login_captcha !== false) 1253 { 1254 $login_captcha->invalidate_captcha(); 1255 } 1256 1257 my_setcookie('loginattempts', 1); 1258 $db->delete_query("sessions", "ip='".$db->escape_string($session->ipaddress)."' AND sid != '".$session->sid."'"); 1259 $newsession = array( 1260 "uid" 
=> $user['uid'], 1261 ); 1262 $db->update_query("sessions", $newsession, "sid='".$session->sid."'"); 1263 1264 $db->update_query("users", array("loginattempts" => 1), "uid='{$user['uid']}'"); 1265 1266 if($mybb->input['remember'] != "yes") 1267 { 1268 $remember = -1; 1269 } 1270 else 1271 { 1272 $remember = null; 1273 } 1274 my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], $remember, true); 1275 my_setcookie("sid", $session->sid, -1, true); 1276 1277 $plugins->run_hooks("member_do_login_end"); 1278 1279 if($mybb->input['url'] != "" && my_strpos(basename($mybb->input['url']), 'member.php') === false) 1280 { 1281 if((my_strpos(basename($mybb->input['url']), 'newthread.php') !== false || my_strpos(basename($mybb->input['url']), 'newreply.php') !== false) && my_strpos($mybb->input['url'], '&processed=1') !== false) 1282 { 1283 $mybb->input['url'] = str_replace('&processed=1', '', $mybb->input['url']); 1284 } 1285 1286 $mybb->input['url'] = str_replace('&', '&', $mybb->input['url']); 1287 1288 // Redirect to the URL if it is not member.php 1289 redirect(htmlentities($mybb->input['url']), $lang->redirect_loggedin); 1290 } 1291 else 1292 { 1293 redirect("index.php", $lang->redirect_loggedin); 1294 } 1295 } 1296 else 1297 { 1298 $mybb->input['action'] = "login"; 1299 $mybb->input['request_method'] = "get"; 1300 } 1301 1302 $plugins->run_hooks("member_do_login_end"); 1303 } 1304 1305 if($mybb->input['action'] == "login") 1306 { 1307 $plugins->run_hooks("member_login"); 1308 1309 $member_loggedin_notice = ""; 1310 if($mybb->user['uid'] != 0) 1311 { 1312 $lang->already_logged_in = $lang->sprintf($lang->already_logged_in, build_profile_link($mybb->user['username'], $mybb->user['uid'])); 1313 eval("\$member_loggedin_notice = \"".$templates->get("member_loggedin_notice")."\";"); 1314 } 1315 1316 // Checks to make sure the user can login; they haven't had too many tries at logging in. 
1317 // Is a fatal call if user has had too many tries 1318 login_attempt_check(); 1319 1320 // Redirect to the page where the user came from, but not if that was the login page. 1321 $redirect_url = ''; 1322 if($_SERVER['HTTP_REFERER'] && strpos($_SERVER['HTTP_REFERER'], "action=login") === false) 1323 { 1324 $redirect_url = htmlentities($_SERVER['HTTP_REFERER']); 1325 } 1326 1327 $captcha = ''; 1328 // Show captcha image for guests if enabled and only if we have to do 1329 if($mybb->settings['captchaimage'] && isset($do_captcha)) 1330 { 1331 $correct = false; 1332 require_once MYBB_ROOT.'inc/class_captcha.php'; 1333 $login_captcha = new captcha(false, "post_captcha"); 1334 1335 if($do_captcha == false && $login_captcha->type == 1) 1336 { 1337 if($login_captcha->validate_captcha() == true) 1338 { 1339 $correct = true; 1340 $captcha = $login_captcha->build_hidden_captcha(); 1341 } 1342 } 1343 1344 if(!$correct) 1345 { 1346 if($login_captcha->type == 1) 1347 { 1348 $login_captcha->build_captcha(); 1349 } 1350 elseif($login_captcha->type == 2) 1351 { 1352 $login_captcha->build_recaptcha(); 1353 } 1354 1355 if($login_captcha->html) 1356 { 1357 $captcha = $login_captcha->html; 1358 } 1359 } 1360 elseif($correct && $login_captcha->type == 2) 1361 { 1362 $login_captcha->build_recaptcha(); 1363 1364 if($login_captcha->html) 1365 { 1366 $captcha = $login_captcha->html; 1367 } 1368 } 1369 } 1370 1371 $username = ""; 1372 $password = ""; 1373 if($mybb->input['username'] && $mybb->request_method == "post") 1374 { 1375 $username = htmlspecialchars_uni($mybb->input['username']); 1376 } 1377 1378 if($mybb->input['password'] && $mybb->request_method == "post") 1379 { 1380 $password = htmlspecialchars_uni($mybb->input['password']); 1381 } 1382 1383 switch($mybb->settings['username_method']) 1384 { 1385 case 1: 1386 $lang->username = $lang->username1; 1387 break; 1388 case 2: 1389 $lang->username = $lang->username2; 1390 break; 1391 default: 1392 break; 1393 } 1394 eval("\$login = 
\"".$templates->get("member_login")."\";"); 1395 output_page($login); 1396 } 1397 1398 if($mybb->input['action'] == "logout") 1399 { 1400 $plugins->run_hooks("member_logout_start"); 1401 1402 if(!$mybb->user['uid']) 1403 { 1404 redirect("index.php", $lang->redirect_alreadyloggedout); 1405 } 1406 1407 // Check session ID if we have one 1408 if($mybb->input['sid'] && $mybb->input['sid'] != $session->sid) 1409 { 1410 error($lang->error_notloggedout); 1411 } 1412 // Otherwise, check logoutkey 1413 else if(!$mybb->input['sid'] && $mybb->input['logoutkey'] != $mybb->user['logoutkey']) 1414 { 1415 error($lang->error_notloggedout); 1416 } 1417 1418 my_unsetcookie("mybbuser"); 1419 my_unsetcookie("sid"); 1420 if($mybb->user['uid']) 1421 { 1422 $time = TIME_NOW; 1423 $lastvisit = array( 1424 "lastactive" => $time-900, 1425 "lastvisit" => $time, 1426 ); 1427 $db->update_query("users", $lastvisit, "uid='".$mybb->user['uid']."'"); 1428 $db->delete_query("sessions", "sid='".$session->sid."'"); 1429 } 1430 $plugins->run_hooks("member_logout_end"); 1431 redirect("index.php", $lang->redirect_loggedout); 1432 } 1433 1434 if($mybb->input['action'] == "profile") 1435 { 1436 $plugins->run_hooks("member_profile_start"); 1437 1438 if($mybb->usergroup['canviewprofiles'] == 0) 1439 { 1440 error_no_permission(); 1441 } 1442 if($mybb->input['uid'] == "lastposter") 1443 { 1444 if($mybb->input['tid']) 1445 { 1446 $query = $db->simple_select("posts", "uid", "tid='".intval($mybb->input['tid'])."' AND visible = 1", array('order_by' => 'dateline', 'order_dir' => 'DESC', 'limit' => '1')); 1447 $post = $db->fetch_array($query); 1448 $uid = $post['uid']; 1449 } 1450 elseif($mybb->input['fid']) 1451 { 1452 $flist = ''; 1453 switch($db->type) 1454 { 1455 case "pgsql": 1456 case "sqlite": 1457 $query = $db->simple_select("forums", "fid", "INSTR(','||parentlist||',',',".intval($mybb->input['fid']).",') > 0"); 1458 break; 1459 default: 1460 $query = $db->simple_select("forums", "fid", 
"INSTR(CONCAT(',',parentlist,','),',".intval($mybb->input['fid']).",') > 0"); 1461 } 1462 1463 while($forum = $db->fetch_array($query)) 1464 { 1465 if($forum['fid'] == $mybb->input['fid']) 1466 { 1467 $theforum = $forum; 1468 } 1469 $flist .= ",".$forum['fid']; 1470 } 1471 $query = $db->simple_select("threads", "tid", "fid IN (0$flist) AND visible = 1", array('order_by' => 'lastpost', 'order_dir' => 'DESC', 'limit' => '1')); 1472 $thread = $db->fetch_array($query); 1473 $tid = $thread['tid']; 1474 $query = $db->simple_select("posts", "uid", "tid='$tid' AND visible = 1", array('order_by' => 'dateline', 'order_dir' => 'DESC', 'limit' => '1')); 1475 $post = $db->fetch_array($query); 1476 $uid = $post['uid']; 1477 } 1478 } 1479 else 1480 { 1481 if($mybb->input['uid']) 1482 { 1483 $uid = intval($mybb->input['uid']); 1484 } 1485 else 1486 { 1487 $uid = $mybb->user['uid']; 1488 } 1489 } 1490 1491 if($mybb->user['uid'] != $uid) 1492 { 1493 $memprofile = get_user($uid); 1494 } 1495 else 1496 { 1497 $memprofile = $mybb->user; 1498 } 1499 1500 $lang->profile = $lang->sprintf($lang->profile, $memprofile['username']); 1501 1502 if(!$memprofile['uid']) 1503 { 1504 error($lang->error_nomember); 1505 } 1506 1507 // Get member's permissions 1508 $memperms = user_permissions($memprofile['uid']); 1509 1510 $lang->nav_profile = $lang->sprintf($lang->nav_profile, $memprofile['username']); 1511 add_breadcrumb($lang->nav_profile); 1512 1513 $lang->users_forum_info = $lang->sprintf($lang->users_forum_info, $memprofile['username']); 1514 $lang->users_contact_details = $lang->sprintf($lang->users_contact_details, $memprofile['username']); 1515 1516 if($mybb->settings['enablepms'] != 0 && (($memprofile['receivepms'] != 0 && $memperms['canusepms'] != 0 && my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false) || $mybb->usergroup['canoverridepm'] == 1)) 1517 { 1518 $lang->send_pm = $lang->sprintf($lang->send_pm, $memprofile['username']); 1519 } 1520 else 1521 { 
1522 $lang->send_pm = ''; 1523 } 1524 $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']); 1525 $lang->users_additional_info = $lang->sprintf($lang->users_additional_info, $memprofile['username']); 1526 $lang->users_signature = $lang->sprintf($lang->users_signature, $memprofile['username']); 1527 $lang->send_user_email = $lang->sprintf($lang->send_user_email, $memprofile['username']); 1528 1529 if($memprofile['avatar']) 1530 { 1531 $memprofile['avatar'] = htmlspecialchars_uni($memprofile['avatar']); 1532 $avatar_dimensions = explode("|", $memprofile['avatardimensions']); 1533 if($avatar_dimensions[0] && $avatar_dimensions[1]) 1534 { 1535 $avatar_width_height = "width=\"{$avatar_dimensions[0]}\" height=\"{$avatar_dimensions[1]}\""; 1536 } 1537 $avatar = "<img src=\"{$memprofile['avatar']}\" alt=\"\" $avatar_width_height />"; 1538 } 1539 else 1540 { 1541 $avatar = ''; 1542 } 1543 1544 if($memprofile['hideemail'] != 1 && (my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false || $mybb->usergroup['cansendemailoverride'] != 0)) 1545 { 1546 eval("\$sendemail = \"".$templates->get("member_profile_email")."\";"); 1547 } 1548 else 1549 { 1550 $alttrow = "trow1"; // To properly sort the contact details below 1551 $sendemail = ''; 1552 } 1553 1554 // Clean alt_trow for the contact details 1555 $cat_array = array( 1556 "pm", 1557 "icq", 1558 "aim", 1559 "yahoo", 1560 "msn", 1561 ); 1562 1563 $bgcolors = array(); 1564 foreach($cat_array as $cat) 1565 { 1566 $bgcolors[$cat] = alt_trow(); 1567 } 1568 1569 $website = ''; 1570 if($memprofile['website']) 1571 { 1572 $memprofile['website'] = htmlspecialchars_uni($memprofile['website']); 1573 $website = "<a href=\"{$memprofile['website']}\" target=\"_blank\">{$memprofile['website']}</a>"; 1574 } 1575 1576 $signature = ''; 1577 if($memprofile['signature'] && ($memprofile['suspendsignature'] == 0 || $memprofile['suspendsigtime'] < TIME_NOW)) 1578 { 1579 $sig_parser = array( 1580 
"allow_html" => $mybb->settings['sightml'], 1581 "allow_mycode" => $mybb->settings['sigmycode'], 1582 "allow_smilies" => $mybb->settings['sigsmilies'], 1583 "allow_imgcode" => $mybb->settings['sigimgcode'], 1584 "me_username" => $memprofile['username'], 1585 "filter_badwords" => 1 1586 ); 1587 1588 $memprofile['signature'] = $parser->parse_message($memprofile['signature'], $sig_parser); 1589 eval("\$signature = \"".$templates->get("member_profile_signature")."\";"); 1590 } 1591 1592 $daysreg = (TIME_NOW - $memprofile['regdate']) / (24*3600); 1593 1594 if($daysreg < 1) 1595 { 1596 $daysreg = 1; 1597 } 1598 1599 $ppd = $memprofile['postnum'] / $daysreg; 1600 $ppd = round($ppd, 2); 1601 if($ppd > $memprofile['postnum']) 1602 { 1603 $ppd = $memprofile['postnum']; 1604 } 1605 $stats = $cache->read("stats"); 1606 $numposts = $stats['numposts']; 1607 if($numposts == 0) 1608 { 1609 $percent = "0"; 1610 } 1611 else 1612 { 1613 $percent = $memprofile['postnum']*100/$numposts; 1614 $percent = round($percent, 2); 1615 } 1616 1617 if($percent > 100) 1618 { 1619 $percent = 100; 1620 } 1621 1622 if(!empty($memprofile['icq'])) 1623 { 1624 $memprofile['icq'] = intval($memprofile['icq']); 1625 } 1626 else 1627 { 1628 $memprofile['icq'] = ''; 1629 } 1630 1631 $awaybit = ''; 1632 if($memprofile['away'] == 1 && $mybb->settings['allowaway'] != 0) 1633 { 1634 $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']); 1635 $awaydate = my_date($mybb->settings['dateformat'], $memprofile['awaydate']); 1636 if(!empty($memprofile['awayreason'])) 1637 { 1638 $reason = $parser->parse_badwords($memprofile['awayreason']); 1639 $awayreason = htmlspecialchars_uni($reason); 1640 } 1641 else 1642 { 1643 $awayreason = $lang->away_no_reason; 1644 } 1645 if($memprofile['returndate'] == '') 1646 { 1647 $returndate = "$lang->unknown"; 1648 } 1649 else 1650 { 1651 $returnhome = explode("-", $memprofile['returndate']); 1652 1653 // PHP native date functions use integers so timestamps for 
years after 2038 will not work 1654 // Thus we use adodb_mktime 1655 if($returnhome[2] >= 2038) 1656 { 1657 require_once MYBB_ROOT."inc/functions_time.php"; 1658 $returnmkdate = adodb_mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]); 1659 $returndate = my_date($mybb->settings['dateformat'], $returnmkdate, "", 1, true); 1660 } 1661 else 1662 { 1663 $returnmkdate = mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]); 1664 $returndate = my_date($mybb->settings['dateformat'], $returnmkdate); 1665 } 1666 1667 // If our away time has expired already, we should be back, right? 1668 if($returnmkdate < TIME_NOW) 1669 { 1670 $db->update_query('users', array('away' => '0', 'awaydate' => '0', 'returndate' => '', 'awayreason' => ''), 'uid=\''.intval($memprofile['uid']).'\''); 1671 1672 // Update our status to "not away" 1673 $memprofile['away'] = 0; 1674 } 1675 } 1676 1677 // Check if our away status is set to 1, it may have been updated already (see a few lines above) 1678 if($memprofile['away'] == 1) 1679 { 1680 eval("\$awaybit = \"".$templates->get("member_profile_away")."\";"); 1681 } 1682 } 1683 if($memprofile['dst'] == 1) 1684 { 1685 $memprofile['timezone']++; 1686 if(my_substr($memprofile['timezone'], 0, 1) != "-") 1687 { 1688 $memprofile['timezone'] = "+{$memprofile['timezone']}"; 1689 } 1690 } 1691 $memregdate = my_date($mybb->settings['dateformat'], $memprofile['regdate']); 1692 $memlocaldate = gmdate($mybb->settings['dateformat'], TIME_NOW + ($memprofile['timezone'] * 3600)); 1693 $memlocaltime = gmdate($mybb->settings['timeformat'], TIME_NOW + ($memprofile['timezone'] * 3600)); 1694 1695 $localtime = $lang->sprintf($lang->local_time_format, $memlocaldate, $memlocaltime); 1696 1697 if($memprofile['lastactive']) 1698 { 1699 $memlastvisitdate = my_date($mybb->settings['dateformat'], $memprofile['lastactive']); 1700 $memlastvisitsep = $lang->comma; 1701 $memlastvisittime = my_date($mybb->settings['timeformat'], $memprofile['lastactive']); 1702 
} 1703 else 1704 { 1705 $memlastvisitdate = $lang->lastvisit_never; 1706 $memlastvisitsep = ''; 1707 $memlastvisittime = ''; 1708 } 1709 1710 if($memprofile['birthday']) 1711 { 1712 $membday = explode("-", $memprofile['birthday']); 1713 1714 if($memprofile['birthdayprivacy'] != 'none') 1715 { 1716 if($membday[0] && $membday[1] && $membday[2]) 1717 { 1718 $lang->membdayage = $lang->sprintf($lang->membdayage, get_age($memprofile['birthday'])); 1719 1720 if($membday[2] >= 1970) 1721 { 1722 $w_day = date("l", mktime(0, 0, 0, $membday[1], $membday[0], $membday[2])); 1723 $membday = format_bdays($mybb->settings['dateformat'], $membday[1], $membday[0], $membday[2], $w_day); 1724 } 1725 else 1726 { 1727 $bdayformat = fix_mktime($mybb->settings['dateformat'], $membday[2]); 1728 $membday = mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]); 1729 $membday = date($bdayformat, $membday); 1730 } 1731 $membdayage = $lang->membdayage; 1732 } 1733 elseif($membday[2]) 1734 { 1735 $membday = mktime(0, 0, 0, 1, 1, $membday[2]); 1736 $membday = date("Y", $membday); 1737 $membdayage = ''; 1738 } 1739 else 1740 { 1741 $membday = mktime(0, 0, 0, $membday[1], $membday[0], 0); 1742 $membday = date("F j", $membday); 1743 $membdayage = ''; 1744 } 1745 } 1746 1747 if($memprofile['birthdayprivacy'] == 'age') 1748 { 1749 $membday = $lang->birthdayhidden; 1750 } 1751 else if($memprofile['birthdayprivacy'] == 'none') 1752 { 1753 $membday = $lang->birthdayhidden; 1754 $membdayage = ''; 1755 } 1756 } 1757 else 1758 { 1759 $membday = $lang->not_specified; 1760 $membdayage = ''; 1761 } 1762 1763 if(!$memprofile['displaygroup']) 1764 { 1765 $memprofile['displaygroup'] = $memprofile['usergroup']; 1766 } 1767 1768 // Grab the following fields from the user's displaygroup 1769 $displaygroupfields = array( 1770 "title", 1771 "usertitle", 1772 "stars", 1773 "starimage", 1774 "image", 1775 "usereputationsystem" 1776 ); 1777 $displaygroup = usergroup_displaygroup($memprofile['displaygroup']); 1778 1779 // 
Get the user title for this user 1780 unset($usertitle); 1781 unset($stars); 1782 $starimage = ''; 1783 if(trim($memprofile['usertitle']) != '') 1784 { 1785 // User has custom user title 1786 $usertitle = $memprofile['usertitle']; 1787 } 1788 elseif(trim($displaygroup['usertitle']) != '') 1789 { 1790 // User has group title 1791 $usertitle = $displaygroup['usertitle']; 1792 } 1793 else 1794 { 1795 // No usergroup title so get a default one 1796 $usertitles = $cache->read('usertitles'); 1797 1798 if(is_array($usertitles)) 1799 { 1800 foreach($usertitles as $title) 1801 { 1802 if($memprofile['postnum'] >= $title['posts']) 1803 { 1804 $usertitle = $title['title']; 1805 $stars = $title['stars']; 1806 $starimage = $title['starimage']; 1807 1808 break; 1809 } 1810 } 1811 } 1812 } 1813 1814 if($displaygroup['stars'] || $displaygroup['usertitle']) 1815 { 1816 // Set the number of stars if display group has constant number of stars 1817 $stars = $displaygroup['stars']; 1818 } 1819 elseif(!$stars) 1820 { 1821 if(!is_array($usertitles)) 1822 { 1823 $usertitles = $cache->read('usertitles'); 1824 } 1825 1826 // This is for cases where the user has a title, but the group has no defined number of stars (use number of stars as per default usergroups) 1827 if(is_array($usertitles)) 1828 { 1829 foreach($usertitles as $title) 1830 { 1831 if($memprofile['postnum'] >= $title['posts']) 1832 { 1833 $stars = $title['stars']; 1834 $starimage = $title['starimage']; 1835 break; 1836 } 1837 } 1838 } 1839 } 1840 1841 $groupimage = ''; 1842 if(!empty($displaygroup['image'])) 1843 { 1844 if(!empty($mybb->user['language'])) 1845 { 1846 $language = $mybb->user['language']; 1847 } 1848 else 1849 { 1850 $language = $mybb->settings['bblanguage']; 1851 } 1852 $displaygroup['image'] = str_replace("{lang}", $language, $displaygroup['image']); 1853 $displaygroup['image'] = str_replace("{theme}", $theme['imgdir'], $displaygroup['image']); 1854 eval("\$groupimage = 
\"".$templates->get("member_profile_groupimage")."\";"); 1855 } 1856 1857 if(empty($starimage)) 1858 { 1859 $starimage = $displaygroup['starimage']; 1860 } 1861 1862 if(!empty($starimage)) 1863 { 1864 // Only display stars if we have an image to use... 1865 $starimage = str_replace("{theme}", $theme['imgdir'], $starimage); 1866 $userstars = ''; 1867 for($i = 0; $i < $stars; ++$i) 1868 { 1869 $userstars .= "<img src=\"$starimage\" border=\"0\" alt=\"*\" />"; 1870 } 1871 } 1872 1873 // User is currently online and this user has permissions to view the user on the WOL 1874 $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins']*60; 1875 $query = $db->simple_select("sessions", "location,nopermission", "uid='$uid' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1)); 1876 $session = $db->fetch_array($query); 1877 1878 if(($memprofile['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $memprofile['uid'] == $mybb->user['uid']) && !empty($session)) 1879 { 1880 // Fetch their current location 1881 $lang->load("online"); 1882 require_once MYBB_ROOT."inc/functions_online.php"; 1883 $activity = fetch_wol_activity($session['location'], $session['nopermission']); 1884 $location = build_friendly_wol_location($activity); 1885 $location_time = my_date($mybb->settings['timeformat'], $memprofile['lastactive']); 1886 1887 eval("\$online_status = \"".$templates->get("member_profile_online")."\";"); 1888 } 1889 // User is offline 1890 else 1891 { 1892 eval("\$online_status = \"".$templates->get("member_profile_offline")."\";"); 1893 } 1894 1895 // Build Referral 1896 if($mybb->settings['usereferrals'] == 1) 1897 { 1898 // Reset the background colours to keep it inline 1899 $bg_color = alt_trow(true); 1900 1901 eval("\$referrals = \"".$templates->get("member_profile_referrals")."\";"); 1902 } 1903 else 1904 { 1905 // Manually set to override colours... 
1906 $alttrow = 'trow2'; 1907 } 1908 1909 // Fetch the reputation for this user 1910 if($memperms['usereputationsystem'] == 1 && $displaygroup['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1) 1911 { 1912 $bg_color = alt_trow(); 1913 $reputation = get_reputation($memprofile['reputation']); 1914 1915 // If this user has permission to give reputations show the vote link 1916 $vote_link = ''; 1917 if($mybb->usergroup['cangivereputations'] == 1 && $memprofile['uid'] != $mybb->user['uid'] && ($mybb->settings['posrep'] || $mybb->settings['neurep'] || $mybb->settings['negrep'])) 1918 { 1919 $vote_link = "[<a href=\"javascript:MyBB.reputation({$memprofile['uid']});\">{$lang->reputation_vote}</a>]"; 1920 } 1921 1922 eval("\$reputation = \"".$templates->get("member_profile_reputation")."\";"); 1923 } 1924 1925 if($mybb->settings['enablewarningsystem'] != 0 && $memperms['canreceivewarnings'] != 0 && ($mybb->usergroup['canwarnusers'] != 0 || ($mybb->user['uid'] == $memprofile['uid'] && $mybb->settings['canviewownwarning'] != 0))) 1926 { 1927 $bg_color = alt_trow(); 1928 $warning_level = round($memprofile['warningpoints']/$mybb->settings['maxwarningpoints']*100); 1929 if($warning_level > 100) 1930 { 1931 $warning_level = 100; 1932 } 1933 $warning_level = get_colored_warning_level($warning_level); 1934 if($mybb->usergroup['canwarnusers'] != 0 && $memprofile['uid'] != $mybb->user['uid']) 1935 { 1936 eval("\$warn_user = \"".$templates->get("member_profile_warn")."\";"); 1937 $warning_link = "warnings.php?uid={$memprofile['uid']}"; 1938 } 1939 else 1940 { 1941 $warn_user = ''; 1942 $warning_link = 'usercp.php'; 1943 } 1944 eval("\$warning_level = \"".$templates->get("member_profile_warninglevel")."\";"); 1945 } 1946 1947 $query = $db->simple_select("userfields", "*", "ufid='$uid'"); 1948 $userfields = $db->fetch_array($query); 1949 $customfields = ''; 1950 $bgcolor = "trow1"; 1951 $alttrow = "trow1"; 1952 // If this user is an Administrator or a Moderator 
then we wish to show all profile fields 1953 if($mybb->usergroup['cancp'] == 1 || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['canmodcp'] == 1) 1954 { 1955 $field_hidden = '1=1'; 1956 } 1957 else 1958 { 1959 $field_hidden = "hidden=0"; 1960 } 1961 $query = $db->simple_select("profilefields", "*", "{$field_hidden}", array('order_by' => 'disporder')); 1962 while($customfield = $db->fetch_array($query)) 1963 { 1964 $thing = explode("\n", $customfield['type'], "2"); 1965 $type = trim($thing[0]); 1966 1967 $customfieldval = ''; 1968 $field = "fid{$customfield['fid']}"; 1969 1970 if(isset($userfields[$field])) 1971 { 1972 $useropts = explode("\n", $userfields[$field]); 1973 $customfieldval = $comma = ''; 1974 if(is_array($useropts) && ($type == "multiselect" || $type == "checkbox")) 1975 { 1976 foreach($useropts as $val) 1977 { 1978 if($val != '') 1979 { 1980 $customfieldval .= "<li style=\"margin-left: 0;\">{$val}</li>"; 1981 } 1982 } 1983 if($customfieldval != '') 1984 { 1985 $customfieldval = "<ul style=\"margin: 0; padding-left: 15px;\">{$customfieldval}</ul>"; 1986 } 1987 } 1988 else 1989 { 1990 $userfields[$field] = $parser->parse_badwords($userfields[$field]); 1991 1992 if($customfield['type'] == "textarea") 1993 { 1994 $customfieldval = nl2br(htmlspecialchars_uni($userfields[$field])); 1995 } 1996 else 1997 { 1998 $customfieldval = htmlspecialchars_uni($userfields[$field]); 1999 } 2000 } 2001 } 2002 2003 $customfield['name'] = htmlspecialchars_uni($customfield['name']); 2004 eval("\$customfields .= \"".$templates->get("member_profile_customfields_field")."\";"); 2005 $bgcolor = alt_trow(); 2006 } 2007 if($customfields) 2008 { 2009 eval("\$profilefields = \"".$templates->get("member_profile_customfields")."\";"); 2010 } 2011 $memprofile['postnum'] = my_number_format($memprofile['postnum']); 2012 $lang->ppd_percent_total = $lang->sprintf($lang->ppd_percent_total, my_number_format($ppd), $percent); 2013 $formattedname = 
format_name($memprofile['username'], $memprofile['usergroup'], $memprofile['displaygroup']); 2014 if($memprofile['timeonline'] > 0) 2015 { 2016 $timeonline = nice_time($memprofile['timeonline']); 2017 } 2018 else 2019 { 2020 $timeonline = $lang->none_registered; 2021 } 2022 2023 $adminoptions = ''; 2024 if($mybb->usergroup['cancp'] == 1 && $mybb->config['hide_admin_links'] != 1) 2025 { 2026 eval("\$adminoptions = \"".$templates->get("member_profile_adminoptions")."\";"); 2027 } 2028 2029 $modoptions = ''; 2030 if($mybb->usergroup['canmodcp'] == 1) 2031 { 2032 $memprofile['usernotes'] = nl2br(htmlspecialchars_uni($memprofile['usernotes'])); 2033 2034 if(!empty($memprofile['usernotes'])) 2035 { 2036 if(strlen($memprofile['usernotes']) > 100) 2037 { 2038 $memprofile['usernotes'] = my_substr($memprofile['usernotes'], 0, 100).'...'; 2039 } 2040 } 2041 else 2042 { 2043 $memprofile['usernotes'] = $lang->no_usernotes; 2044 } 2045 2046 eval("\$modoptions = \"".$templates->get("member_profile_modoptions")."\";"); 2047 } 2048 2049 $buddy_options = ''; 2050 if($mybb->user['uid'] != $memprofile['uid'] && $mybb->user['uid'] != 0) 2051 { 2052 $buddy_list = explode(',', $mybb->user['buddylist']); 2053 if(in_array($mybb->input['uid'], $buddy_list)) 2054 { 2055 $buddy_options = "<br /><a href=\"./usercp.php?action=do_editlists&delete={$mybb->input['uid']}&my_post_key={$mybb->post_code}\"><img src=\"{$theme['imgdir']}/remove_buddy.gif\" alt=\"{$lang->remove_from_buddy_list}\" /> {$lang->remove_from_buddy_list}</a>"; 2056 } 2057 else 2058 { 2059 $buddy_options = "<br /><a href=\"./usercp.php?action=do_editlists&add_username=".urlencode($memprofile['username'])."&my_post_key={$mybb->post_code}\"><img src=\"{$theme['imgdir']}/add_buddy.gif\" alt=\"{$lang->add_to_buddy_list}\" /> {$lang->add_to_buddy_list}</a>"; 2060 } 2061 2062 $ignore_list = explode(',', $mybb->user['ignorelist']); 2063 if(in_array($mybb->input['uid'], $ignore_list)) 2064 { 2065 $buddy_options .= "<br /><a 
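href=\"./usercp.php?action=do_editlists&manage=ignored&delete={$mybb->input['uid']}&my_post_key={$mybb->post_code}\"><img src=\"{$theme['imgdir']}/remove_ignore.gif\" alt=\"{$lang->remove_from_ignore_list}\" /> {$lang->remove_from_ignore_list}</a>";
		}
		else
		{
			$buddy_options .= "<br /><a href=\"./usercp.php?action=do_editlists&manage=ignored&add_username=".urlencode($memprofile['username'])."&my_post_key={$mybb->post_code}\"><img src=\"{$theme['imgdir']}/add_ignore.gif\" alt=\"{$lang->add_to_ignore_list}\" /> {$lang->add_to_ignore_list}</a>";
		}
	}

	$plugins->run_hooks("member_profile_end");

	eval("\$profile = \"".$templates->get("member_profile")."\";");
	output_page($profile);
}

// Handle the submitted "email this user" form (POST only).
// On validation errors the action is switched to "emailuser" so the form below is shown again.
// NOTE(review): the checks below rely on error()/error_no_permission() stopping the request - presumably they do; confirm.
if($mybb->input['action'] == "do_emailuser" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	$plugins->run_hooks("member_do_emailuser_start");

	// Guests or those without permission can't email other users
	if($mybb->usergroup['cansendemail'] == 0 || !$mybb->user['uid'])
	{
		error_no_permission();
	}

	// Check group limits (emails sent by this user in the last 24 hours)
	// NOTE(review): the count is read from maillogs, and this block only writes a maillogs row
	// when the mail_logging setting is above 0 - with logging off the limit looks unenforced; confirm.
	if($mybb->usergroup['maxemails'] > 0)
	{
		$query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "fromuid='{$mybb->user['uid']}' AND dateline >= '".(TIME_NOW - (60*60*24))."'");
		$sent_count = $db->fetch_field($query, "sent_count");
		if($sent_count >= $mybb->usergroup['maxemails'])
		{
			$lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
			error($lang->error_max_emails_day);
		}
	}

	// ignorelist is selected so the send path can apply the same ignore check as the form
	$query = $db->simple_select("users", "uid, username, email, hideemail, ignorelist", "uid='".intval($mybb->input['uid'])."'");
	$to_user = $db->fetch_array($query);

	if(!$to_user['username'])
	{
		error($lang->error_invalidusername);
	}

	if($to_user['hideemail'] != 0)
	{
		error($lang->error_hideemail);
	}

	// Enforce the recipient's ignore list on the send itself, not only when the form is rendered;
	// otherwise a direct POST to do_emailuser skips the check made in the "emailuser" action.
	if($to_user['ignorelist'] && (my_strpos(",".$to_user['ignorelist'].",", ",".$mybb->user['uid'].",") !== false && $mybb->usergroup['cansendemailoverride'] != 1))
	{
		error_no_permission();
	}

	// $errors is not assigned anywhere in this block before it is counted
	if(!isset($errors))
	{
		$errors = array();
	}

	if(empty($mybb->input['subject']))
	{
		$errors[] = $lang->error_no_email_subject;
	}

	if(empty($mybb->input['message']))
	{
		$errors[] = $lang->error_no_email_message;
	}

	if(count($errors) == 0)
	{
		if($mybb->settings['mail_handler'] == 'smtp')
		{
			$from = $mybb->user['email'];
		}
		else
		{
			$from = "{$mybb->user['username']} <{$mybb->user['email']}>";
		}

		$message = $lang->sprintf($lang->email_emailuser, $to_user['username'], $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->input['message']);
		// NOTE(review): the user-supplied subject and the sender's name/address are passed on as mail header
		// values; this assumes my_mail() strips CR/LF from them - TODO confirm in my_mail().
		my_mail($to_user['email'], $mybb->input['subject'], $message, $from, "", "", false, "text", "", $mybb->user['email']);

		if($mybb->settings['mail_logging'] > 0)
		{
			// Log the message
			$log_entry = array(
				"subject" => $db->escape_string($mybb->input['subject']),
				"message" => $db->escape_string($mybb->input['message']),
				"dateline" => TIME_NOW,
				"fromuid" => $mybb->user['uid'],
				"fromemail" => $db->escape_string($mybb->user['email']),
				"touid" => $to_user['uid'],
				"toemail" => $db->escape_string($to_user['email']),
				"tid" => 0,
				"ipaddress" => $db->escape_string($session->ipaddress)
			);
			$db->insert_query("maillogs", $log_entry);
		}

		$plugins->run_hooks("member_do_emailuser_end");

		redirect(get_profile_link($to_user['uid']), $lang->redirect_emailsent);
	}
	else
	{
		// Fall through to the form below and show the collected errors
		$mybb->input['action'] = "emailuser";
	}
}

// Show the "email this user" form, either on first visit or after a failed submission.
if($mybb->input['action'] == "emailuser")
{
	$plugins->run_hooks("member_emailuser_start");

	// Guests or those without permission can't email other users
	if($mybb->usergroup['cansendemail'] == 0 || !$mybb->user['uid'])
	{
		error_no_permission();
	}

	// Check group limits
	if($mybb->usergroup['maxemails'] > 0)
	{
		$query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "fromuid='{$mybb->user['uid']}' AND dateline >= '".(TIME_NOW - (60*60*24))."'");
		$sent_count = $db->fetch_field($query, "sent_count");
		// Same comparison as the send path, so the form is not offered to a user whose next send would be rejected
		if($sent_count >= $mybb->usergroup['maxemails'])
		{
			$lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
			error($lang->error_max_emails_day);
		}
	}

	$query = $db->simple_select("users", "uid, username, email, hideemail, ignorelist", "uid='".intval($mybb->input['uid'])."'");
	$to_user = $db->fetch_array($query);

	// NOTE(review): the username is placed into the language string without htmlspecialchars_uni();
	// whether that is safe depends on how usernames are stored and how the template prints it - confirm.
	$lang->email_user = $lang->sprintf($lang->email_user, $to_user['username']);

	if(!$to_user['uid'])
	{
		error($lang->error_invaliduser);
	}

	if($to_user['hideemail'] != 0)
	{
		error($lang->error_hideemail);
	}

	// The recipient ignores the sender and the sender's group has no override
	if($to_user['ignorelist'] && (my_strpos(",".$to_user['ignorelist'].",", ",".$mybb->user['uid'].",") !== false && $mybb->usergroup['cansendemailoverride'] != 1))
	{
		error_no_permission();
	}

	// $errors is only set when a submission above failed validation
	if(!isset($errors))
	{
		$errors = array();
	}

	if(count($errors) > 0)
	{
		// Re-display the submitted values, escaped for HTML output
		$errors = inline_error($errors);
		$subject = htmlspecialchars_uni($mybb->input['subject']);
		$message = htmlspecialchars_uni($mybb->input['message']);
	}
	else
	{
		$errors = '';
		$subject = '';
		$message = '';
	}

	$plugins->run_hooks("member_emailuser_end");

	eval("\$emailuser = \"".$templates->get("member_emailuser")."\";");
	output_page($emailuser);
}

// No action given: send the visitor to the board index
if(!$mybb->input['action'])
{
	header("Location: index.php");
}
?>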