PHP Cross Reference of MyBB 1.6.7 |
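<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id: member.php 5753 2012-03-09 14:53:07Z Tomm $
 */

// Account entry point. Every top-level `if` below handles one value of
// $mybb->input['action'] (register, activate, lost password, ...).
// All request data arrives through $mybb->input / $mybb->cookies and is
// caller-controlled; it is escaped or cast at each point of use below.

define("IN_MYBB", 1);
define('THIS_SCRIPT', 'member.php');
define("ALLOWABLE_PAGE", "register,do_register,login,do_login,logout,lostpw,do_lostpw,activate,resendactivation,do_resendactivation,resetpassword");

$nosession['avatar'] = 1;
$templatelist = "member_register,error_nousername,error_nopassword,error_passwordmismatch,error_invalidemail,error_usernametaken,error_emailmismatch,error_noemail,redirect_registered,member_register_hiddencaptcha";
$templatelist .= ",redirect_loggedout,login,redirect_loggedin,error_invalidusername,error_invalidpassword,member_profile_email,member_profile_offline,member_profile_reputation,member_profile_warn,member_profile_warninglevel,member_profile_customfields_field,member_profile_customfields,member_profile_adminoptions,member_profile,member_login,member_profile_online,member_profile_modoptions,member_profile_signature,member_profile_groupimage,member_profile_referrals";
require_once "./global.php";

require_once MYBB_ROOT."inc/functions_post.php";
require_once MYBB_ROOT."inc/functions_user.php";
require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;

// Load global language phrases
$lang->load("member");

// Make navigation
switch($mybb->input['action'])
{
	case "register":
	case "do_register":
		add_breadcrumb($lang->nav_register);
		break;
	case "activate":
		add_breadcrumb($lang->nav_activate);
		break;
	case "resendactivation":
		add_breadcrumb($lang->nav_resendactivation);
		break;
	case "lostpw":
		add_breadcrumb($lang->nav_lostpw);
		break;
	case "resetpassword":
		add_breadcrumb($lang->nav_resetpassword);
		break;
	case "login":
		add_breadcrumb($lang->nav_login);
		break;
	case "emailuser":
		add_breadcrumb($lang->nav_emailuser);
		break;
}

// Registration gate: skipped for groups with cancp, otherwise enforces the
// "registrations disabled" switch, rejects visitors who already have an
// account, and applies the per-IP registration limit.
if(($mybb->input['action'] == "register" || $mybb->input['action'] == "do_register") && $mybb->usergroup['cancp'] != 1)
{
	if($mybb->settings['disableregs'] == 1)
	{
		error($lang->registrations_disabled);
	}
	if($mybb->user['regdate'])
	{
		error($lang->error_alreadyregistered);
	}
	if($mybb->settings['betweenregstime'] && $mybb->settings['maxregsbetweentime'])
	{
		// Count accounts created from this IP inside the configured window (hours).
		$time = TIME_NOW;
		$datecut = $time-(60*60*$mybb->settings['betweenregstime']);
		$query = $db->simple_select("users", "*", "regip='".$db->escape_string($session->ipaddress)."' AND regdate > '$datecut'");
		$regcount = $db->num_rows($query);
		if($regcount >= $mybb->settings['maxregsbetweentime'])
		{
			$lang->error_alreadyregisteredtime = $lang->sprintf($lang->error_alreadyregisteredtime, $regcount, $mybb->settings['betweenregstime']);
			error($lang->error_alreadyregisteredtime);
		}
	}
}

// do_register: validate the submitted form and create the account.
if($mybb->input['action'] == "do_register" && $mybb->request_method == "post")
{
	$plugins->run_hooks("member_do_register_start");

	// If we have hidden CAPTCHA enabled and it's filled, deny registration
	if($mybb->settings['hiddencaptchaimage'])
	{
		$string = $mybb->settings['hiddencaptchaimagefield'];

		if($mybb->input[$string] != '')
		{
			error($lang->error_spam_deny);
		}
	}

	if($mybb->settings['regtype'] == "randompass")
	{
		// Any submitted password is discarded and replaced by a generated one.
		$mybb->input['password'] = random_str();
		$mybb->input['password2'] = $mybb->input['password'];
	}

	// Group 5 is used for accounts that still need activation, group 2 otherwise.
	if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->input['coppa'] == 1)
	{
		$usergroup = 5;
	}
	else
	{
		$usergroup = 2;
	}

	// Set up user handler.
	require_once MYBB_ROOT."inc/datahandlers/user.php";
	$userhandler = new UserDataHandler("insert");

	// Set the data for the new user.
	// The user group is chosen above from server-side settings and is never
	// read from the request.
	$user = array(
		"username" => $mybb->input['username'],
		"password" => $mybb->input['password'],
		"password2" => $mybb->input['password2'],
		"email" => $mybb->input['email'],
		"email2" => $mybb->input['email2'],
		"usergroup" => $usergroup,
		"referrer" => $mybb->input['referrername'],
		"timezone" => $mybb->input['timezoneoffset'],
		"language" => $mybb->input['language'],
		"profile_fields" => $mybb->input['profile_fields'],
		"regip" => $session->ipaddress,
		"longregip" => my_ip2long($session->ipaddress),
		"coppa_user" => intval($mybb->cookies['coppauser']),
	);

	if(isset($mybb->input['regcheck1']) && isset($mybb->input['regcheck2']))
	{
		$user['regcheck1'] = $mybb->input['regcheck1'];
		$user['regcheck2'] = $mybb->input['regcheck2'];
	}

	// Do we have a saved COPPA DOB?
	// NOTE(review): the cookie is client-controlled, so the date of birth read
	// here is only as trustworthy as the validation done by the user handler.
	if($mybb->cookies['coppadob'])
	{
		list($dob_day, $dob_month, $dob_year) = explode("-", $mybb->cookies['coppadob']);
		$user['birthday'] = array(
			"day" => $dob_day,
			"month" => $dob_month,
			"year" => $dob_year
		);
	}

	$user['options'] = array(
		"allownotices" => $mybb->input['allownotices'],
		"hideemail" => $mybb->input['hideemail'],
		"subscriptionmethod" => $mybb->input['subscriptionmethod'],
		"receivepms" => $mybb->input['receivepms'],
		"pmnotice" => $mybb->input['pmnotice'],
		"emailpmnotify" => $mybb->input['emailpmnotify'],
		"invisible" => $mybb->input['invisible'],
		"dstcorrection" => $mybb->input['dstcorrection']
	);

	$userhandler->set_data($user);

	// An empty string means "no errors"; the is_array() test further down
	// relies on $errors becoming an array only when something failed.
	$errors = "";

	if(!$userhandler->validate_user())
	{
		$errors = $userhandler->get_friendly_errors();
	}

	if($mybb->settings['captchaimage'])
	{
		require_once MYBB_ROOT.'inc/class_captcha.php';
		$captcha = new captcha;

		if($captcha->validate_captcha() == false)
		{
			// CAPTCHA validation failed
			// Fix: $errors may still be the empty string here; appending with []
			// to a string is a fatal error on newer PHP versions, so switch to an
			// array explicitly before collecting the CAPTCHA errors.
			if(!is_array($errors))
			{
				$errors = array();
			}
			foreach($captcha->get_errors() as $error)
			{
				$errors[] = $error;
			}
		}
	}

	if(is_array($errors))
	{
		// Re-display the form: every echoed value is HTML-escaped first.
		$username = htmlspecialchars_uni($mybb->input['username']);
		$email = htmlspecialchars_uni($mybb->input['email']);
		// Fix: the confirmation box was refilled from 'email', which hid a
		// mismatch between the two addresses on the second attempt.
		$email2 = htmlspecialchars_uni($mybb->input['email2']);
		$referrername = htmlspecialchars_uni($mybb->input['referrername']);

		if($mybb->input['allownotices'] == 1)
		{
			$allownoticescheck = "checked=\"checked\"";
		}

		if($mybb->input['hideemail'] == 1)
		{
			$hideemailcheck = "checked=\"checked\"";
		}

		if($mybb->input['subscriptionmethod'] == 1)
		{
			$no_email_subscribe_selected = "selected=\"selected\"";
		}
		else if($mybb->input['subscriptionmethod'] == 2)
		{
			$instant_email_subscribe_selected = "selected=\"selected\"";
		}
		else
		{
			$no_subscribe_selected = "selected=\"selected\"";
		}

		if($mybb->input['receivepms'] == 1)
		{
			$receivepmscheck = "checked=\"checked\"";
		}

		if($mybb->input['pmnotice'] == 1)
		{
			$pmnoticecheck = " checked=\"checked\"";
		}

		if($mybb->input['emailpmnotify'] == 1)
		{
			$emailpmnotifycheck = "checked=\"checked\"";
		}

		if($mybb->input['invisible'] == 1)
		{
			$invisiblecheck = "checked=\"checked\"";
		}

		if($mybb->input['dstcorrection'] == 2)
		{
			$dst_auto_selected = "selected=\"selected\"";
		}
		else if($mybb->input['dstcorrection'] == 1)
		{
			$dst_enabled_selected = "selected=\"selected\"";
		}
		else
		{
			$dst_disabled_selected = "selected=\"selected\"";
		}

		$regerrors = inline_error($errors);
		// Fall through to the "register" handler below so the form is shown again.
		$mybb->input['action'] = "register";
		$fromreg = 1;
	}
	else
	{
		$user_info = $userhandler->insert_user();

		if($mybb->settings['regtype'] != "randompass" && !$mybb->cookies['coppauser'])
		{
			// Log them in
			my_setcookie("mybbuser", $user_info['uid']."_".$user_info['loginkey'], null, true);
		}

		if($mybb->cookies['coppauser'])
		{
			$lang->redirect_registered_coppa_activate = $lang->sprintf($lang->redirect_registered_coppa_activate, $mybb->settings['bbname'], $user_info['username']);
			my_unsetcookie("coppauser");
			my_unsetcookie("coppadob");
			$plugins->run_hooks("member_do_register_end");
			error($lang->redirect_registered_coppa_activate);
		}
		else if($mybb->settings['regtype'] == "verify")
		{
			// E-mail verification: store a random code and mail it to the new user.
			$activationcode = random_str();
			$now = TIME_NOW;
			$activationarray = array(
				"uid" => $user_info['uid'],
				"dateline" => TIME_NOW,
				"code" => $activationcode,
				"type" => "r"
			);
			$db->insert_query("awaitingactivation", $activationarray);
			$emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
			switch($mybb->settings['username_method'])
			{
				case 0:
					$emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
					break;
				case 1:
					$emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
					break;
				case 2:
					$emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
					break;
				default:
					$emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
					break;
			}
			my_mail($user_info['email'], $emailsubject, $emailmessage);

			$lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], $user_info['username']);

			$plugins->run_hooks("member_do_register_end");

			error($lang->redirect_registered_activation);
		}
		else if($mybb->settings['regtype'] == "randompass")
		{
			// NOTE(review): the generated password is sent in clear text by e-mail,
			// so it is exposed to anyone who can read that mailbox.
			$emailsubject = $lang->sprintf($lang->emailsubject_randompassword, $mybb->settings['bbname']);
			switch($mybb->settings['username_method'])
			{
				case 0:
					$emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $user_info['password']);
					break;
				case 1:
					$emailmessage = $lang->sprintf($lang->email_randompassword1, $user['username'], $mybb->settings['bbname'], $user_info['username'], $user_info['password']);
					break;
				case 2:
					$emailmessage = $lang->sprintf($lang->email_randompassword2, $user['username'], $mybb->settings['bbname'], $user_info['username'], $user_info['password']);
					break;
				default:
					$emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $user_info['password']);
					break;
			}
			my_mail($user_info['email'], $emailsubject, $emailmessage);

			$plugins->run_hooks("member_do_register_end");

			error($lang->redirect_registered_passwordsent);
		}
		else if($mybb->settings['regtype'] == "admin")
		{
			$lang->redirect_registered_admin_activate = $lang->sprintf($lang->redirect_registered_admin_activate, $mybb->settings['bbname'], $user_info['username']);

			$plugins->run_hooks("member_do_register_end");

			error($lang->redirect_registered_admin_activate);
		}
		else
		{
			$lang->redirect_registered = $lang->sprintf($lang->redirect_registered, $mybb->settings['bbname'], $user_info['username']);

			$plugins->run_hooks("member_do_register_end");

			redirect("index.php", $lang->redirect_registered);
		}
	}
}

// coppa_form: render the parental consent form.
if($mybb->input['action'] == "coppa_form")
{
	if(!$mybb->settings['faxno'])
	{
		$mybb->settings['faxno'] = " ";
	}

	// Templates are expanded by eval() as double-quoted PHP strings, here and
	// throughout this file. NOTE(review): this is only safe while template
	// content is trusted and every interpolated variable is already escaped.
	eval("\$coppa_form = \"".$templates->get("member_coppa_form")."\";");
	output_page($coppa_form);
}

// register: COPPA date-of-birth step, agreement page, then the registration form.
if($mybb->input['action'] == "register")
{
	$bdaysel = '';
	if($mybb->settings['coppa'] == "disabled")
	{
		$bdaysel = $bday2blank = "<option value=\"\"> </option>";
	}
	for($i = 1; $i <= 31; ++$i)
	{
		if($mybb->input['bday1'] == $i)
		{
			$bdaysel .= "<option value=\"$i\" selected=\"selected\">$i</option>\n";
		}
		else
		{
			$bdaysel .= "<option value=\"$i\">$i</option>\n";
		}
	}

	$bdaymonthsel[$mybb->input['bday2']] = "selected=\"selected\"";
	$mybb->input['bday3'] = intval($mybb->input['bday3']);

	if($mybb->input['bday3'] == 0) $mybb->input['bday3'] = "";

	// Is COPPA checking enabled?
	if($mybb->settings['coppa'] != "disabled" && !$mybb->input['step'])
	{
		// Just selected DOB, we check
		if($mybb->input['bday1'] && $mybb->input['bday2'] && $mybb->input['bday3'])
		{
			my_unsetcookie("coppauser");

			$bdaytime = @mktime(0, 0, 0, $mybb->input['bday2'], $mybb->input['bday1'], $mybb->input['bday3']);

			// Store DOB in cookie so we can save it with the registration
			// NOTE(review): only bday3 has been passed through intval(); bday1 and
			// bday2 go into the cookie exactly as submitted.
			my_setcookie("coppadob", "{$mybb->input['bday1']}-{$mybb->input['bday2']}-{$mybb->input['bday3']}", -1);

			// User is <= 13, we mark as a coppa user
			if($bdaytime >= mktime(0, 0, 0, my_date('n'), my_date('d'), my_date('Y')-13))
			{
				my_setcookie("coppauser", 1, -0);
				$under_thirteen = true;
			}
			// Clearing the method makes the agreement branch below run next.
			$mybb->request_method = "";
		}
		// Show DOB select form
		else
		{
			$plugins->run_hooks("member_register_coppa");

			my_unsetcookie("coppauser");

			eval("\$coppa = \"".$templates->get("member_register_coppa")."\";");
			output_page($coppa);
			exit;
		}
	}

	if((!isset($mybb->input['agree']) && !isset($mybb->input['regsubmit'])) || $mybb->request_method != "post")
	{
		// Is this user a COPPA user? We need to show the COPPA agreement too
		if($mybb->settings['coppa'] != "disabled" && ($mybb->cookies['coppauser'] == 1 || $under_thirteen))
		{
			if($mybb->settings['coppa'] == "deny")
			{
				error($lang->error_need_to_be_thirteen);
			}
			$lang->coppa_agreement_1 = $lang->sprintf($lang->coppa_agreement_1, $mybb->settings['bbname']);
			eval("\$coppa_agreement = \"".$templates->get("member_register_agreement_coppa")."\";");
		}

		$plugins->run_hooks("member_register_agreement");

		eval("\$agreement = \"".$templates->get("member_register_agreement")."\";");
		output_page($agreement);
	}
	else
	{
		$plugins->run_hooks("member_register_start");

		$validator_extra = '';

		if(isset($mybb->input['timezoneoffset']))
		{
			$timezoneoffset = $mybb->input['timezoneoffset'];
		}
		else
		{
			$timezoneoffset = $mybb->settings['timezoneoffset'];
		}
		$tzselect = build_timezone_select("timezoneoffset", $timezoneoffset, true);

		$stylelist = build_theme_select("style");

		if($mybb->settings['usertppoptions'])
		{
			$tppoptions = '';
			$explodedtpp = explode(",", $mybb->settings['usertppoptions']);
			if(is_array($explodedtpp))
			{
				foreach($explodedtpp as $val)
				{
					$val = trim($val);
					$tppoptions .= "<option value=\"$val\">".$lang->sprintf($lang->tpp_option, $val)."</option>\n";
				}
			}
			eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";");
		}
		if($mybb->settings['userpppoptions'])
		{
			$pppoptions = '';
			$explodedppp = explode(",", $mybb->settings['userpppoptions']);
			if(is_array($explodedppp))
			{
				foreach($explodedppp as $val)
				{
					$val = trim($val);
					$pppoptions .= "<option value=\"$val\">".$lang->sprintf($lang->ppp_option, $val)."</option>\n";
				}
			}
			eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
		}
		if($mybb->settings['usereferrals'] == 1 && !$mybb->user['uid'])
		{
			// Resolve the referrer from the cookie, a preset $referrer, or the
			// name typed into the form; each value is escaped or cast before it
			// reaches the query.
			if($mybb->cookies['mybb']['referrer'])
			{
				$query = $db->simple_select("users", "uid,username", "uid='".$db->escape_string($mybb->cookies['mybb']['referrer'])."'");
				$ref = $db->fetch_array($query);
				$referrername = $ref['username'];
			}
			elseif($referrer)
			{
				$query = $db->simple_select("users", "username", "uid='".intval($referrer['uid'])."'");
				$ref = $db->fetch_array($query);
				$referrername = $ref['username'];
			}
			elseif($referrername)
			{
				$query = $db->simple_select("users", "uid", "LOWER(username)='".$db->escape_string(my_strtolower($referrername))."'");
				$ref = $db->fetch_array($query);
				if(!$ref['uid'])
				{
					$errors[] = $lang->error_badreferrer;
				}
			}
			if($quickreg)
			{
				$refbg = "trow1";
			}
			else
			{
				$refbg = "trow2";
			}
			// JS validator extra
			$validator_extra .= "\tregValidator.register('referrer', 'ajax', {url:'xmlhttp.php?action=username_exists', loading_message:'{$lang->js_validator_checking_referrer}'});\n";

			eval("\$referrer = \"".$templates->get("member_register_referrer")."\";");
		}
		else
		{
			$referrer = '';
		}
		// Custom profile fields baby!
		$altbg = "trow1";
		$query = $db->simple_select("profilefields", "*", "required=1", array('order_by' => 'disporder'));
		while($profilefield = $db->fetch_array($query))
		{
			// The type column holds the field type on its first line and the
			// option list after it; it is HTML-escaped once, before being split.
			$profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
			$thing = explode("\n", $profilefield['type'], "2");
			$type = trim($thing[0]);
			$options = $thing[1];
			$select = '';
			$field = "fid{$profilefield['fid']}";
			if($errors)
			{
				$userfield = $mybb->input['profile_fields'][$field];
			}
			else
			{
				$userfield = '';
			}
			// For the option-based types the submitted value is only compared
			// against the stored options; it is never written into the markup.
			if($type == "multiselect")
			{
				if($errors)
				{
					$useropts = $userfield;
				}
				else
				{
					$useropts = explode("\n", $userfield);
				}
				if(is_array($useropts))
				{
					foreach($useropts as $key => $val)
					{
						$seloptions[$val] = $val;
					}
				}
				$expoptions = explode("\n", $options);
				if(is_array($expoptions))
				{
					foreach($expoptions as $key => $val)
					{
						$val = trim($val);
						$val = str_replace("\n", "\\n", $val);

						$sel = "";
						if($val == $seloptions[$val])
						{
							$sel = "selected=\"selected\"";
						}
						$select .= "<option value=\"$val\" $sel>$val</option>\n";
					}
					if(!$profilefield['length'])
					{
						$profilefield['length'] = 3;
					}
					$code = "<select name=\"profile_fields[$field][]\" id=\"{$field}\" size=\"{$profilefield['length']}\" multiple=\"multiple\">$select</select>";
				}
			}
			elseif($type == "select")
			{
				$expoptions = explode("\n", $options);
				if(is_array($expoptions))
				{
					foreach($expoptions as $key => $val)
					{
						$val = trim($val);
						$val = str_replace("\n", "\\n", $val);
						$sel = "";
						if($val == $userfield)
						{
							$sel = "selected=\"selected\"";
						}
						$select .= "<option value=\"$val\" $sel>$val</option>";
					}
					if(!$profilefield['length'])
					{
						$profilefield['length'] = 1;
					}
					$code = "<select name=\"profile_fields[$field]\" id=\"{$field}\" size=\"{$profilefield['length']}\">$select</select>";
				}
			}
			elseif($type == "radio")
			{
				$expoptions = explode("\n", $options);
				if(is_array($expoptions))
				{
					foreach($expoptions as $key => $val)
					{
						$checked = "";
						if($val == $userfield)
						{
							$checked = "checked=\"checked\"";
						}
						$code .= "<input type=\"radio\" class=\"radio\" name=\"profile_fields[$field]\" id=\"{$field}{$key}\" value=\"$val\" $checked /> <span class=\"smalltext\">$val</span><br />";
					}
				}
			}
			elseif($type == "checkbox")
			{
				if($errors)
				{
					$useropts = $userfield;
				}
				else
				{
					$useropts = explode("\n", $userfield);
				}
				if(is_array($useropts))
				{
					foreach($useropts as $key => $val)
					{
						$seloptions[$val] = $val;
					}
				}
				$expoptions = explode("\n", $options);
				if(is_array($expoptions))
				{
					foreach($expoptions as $key => $val)
					{
						$checked = "";
						if($val == $seloptions[$val])
						{
							$checked = "checked=\"checked\"";
						}
						$code .= "<input type=\"checkbox\" class=\"checkbox\" name=\"profile_fields[$field][]\" id=\"{$field}{$key}\" value=\"$val\" $checked /> <span class=\"smalltext\">$val</span><br />";
					}
				}
			}
			elseif($type == "textarea")
			{
				// Free-text types echo the submitted value, so it is escaped here.
				$value = htmlspecialchars_uni($userfield);
				$code = "<textarea name=\"profile_fields[$field]\" id=\"{$field}\" rows=\"6\" cols=\"30\" style=\"width: 95%\">$value</textarea>";
			}
			else
			{
				$value = htmlspecialchars_uni($userfield);
				$maxlength = "";
				if($profilefield['maxlength'] > 0)
				{
					$maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
				}
				$code = "<input type=\"text\" name=\"profile_fields[$field]\" id=\"{$field}\" class=\"textbox\" size=\"{$profilefield['length']}\"{$maxlength} value=\"$value\" />";
			}
			if($profilefield['required'] == 1)
			{
				// JS validator extra
				if($type == "checkbox" || $type == "radio")
				{
					$id = "{$field}0";
				}
				else
				{
					$id = "fid{$profilefield['fid']}";
				}
				$validator_extra .= "\tregValidator.register('{$id}', 'notEmpty', {failure_message:'{$lang->js_validator_not_empty}'});\n";

				eval("\$requiredfields .= \"".$templates->get("member_register_customfield")."\";");
			}
			// Reset the per-field scratch variables before the next row.
			$code = '';
			$select = '';
			$val = '';
			$options = '';
			$expoptions = '';
			$useropts = '';
			$seloptions = '';
		}
		if($requiredfields)
		{
			eval("\$requiredfields = \"".$templates->get("member_register_requiredfields")."\";");
		}
		if(!$fromreg)
		{
			// First display of the form: apply the default option states.
			$allownoticescheck = "checked=\"checked\"";
			$hideemailcheck = '';
			$emailnotifycheck = '';
			$receivepmscheck = "checked=\"checked\"";
			$pmnoticecheck = " checked=\"checked\"";
			$emailpmnotifycheck = '';
			$invisiblecheck = '';
			if($mybb->settings['dstcorrection'] == 1)
			{
				$enabledstcheck = "checked=\"checked\"";
			}

		}
		// Spambot registration image thingy
		if($mybb->settings['captchaimage'])
		{
			require_once MYBB_ROOT.'inc/class_captcha.php';
			$captcha = new captcha(true, "member_register_regimage");

			if($captcha->html)
			{
				$regimage = $captcha->html;

				if($mybb->settings['captchaimage'] == 1)
				{
					// JS validator extra for our default CAPTCHA
					$validator_extra .= "\tregValidator.register('imagestring', 'ajax', { url: 'xmlhttp.php?action=validate_captcha', extra_body: 'imagehash', loading_message: '{$lang->js_validator_captcha_valid}', failure_message: '{$lang->js_validator_no_image_text}'} );\n";
				}
			}
		}
		// Hidden CAPTCHA for Spambots
		if($mybb->settings['hiddencaptchaimage'])
		{
			$captcha_field = $mybb->settings['hiddencaptchaimagefield'];

			eval("\$hiddencaptcha = \"".$templates->get("member_register_hiddencaptcha")."\";");
		}
		if($mybb->settings['regtype'] != "randompass")
		{
			// JS validator extra
			// These client-side rules are a convenience only; the user handler
			// validates the submission again in do_register.
			$lang->js_validator_password_length = $lang->sprintf($lang->js_validator_password_length, $mybb->settings['minpasswordlength']);
			$validator_extra .= "\tregValidator.register('password', 'length', {match_field:'password2', min: {$mybb->settings['minpasswordlength']}, failure_message:'{$lang->js_validator_password_length}'});\n";

			// See if the board has "require complex passwords" enabled.
			if($mybb->settings['requirecomplexpasswords'] == 1)
			{
				$lang->password = $lang->complex_password = $lang->sprintf($lang->complex_password, $mybb->settings['minpasswordlength']);
				$validator_extra .= "\tregValidator.register('password', 'ajax', {url:'xmlhttp.php?action=complex_password', loading_message:'{$lang->js_validator_password_complexity}'});\n";
			}
			$validator_extra .= "\tregValidator.register('password2', 'matches', {match_field:'password', status_field:'password_status', failure_message:'{$lang->js_validator_password_matches}'});\n";

			eval("\$passboxes = \"".$templates->get("member_register_password")."\";");
		}

		// JS validator extra
		if($mybb->settings['maxnamelength'] > 0 && $mybb->settings['minnamelength'] > 0)
		{
			$lang->js_validator_username_length = $lang->sprintf($lang->js_validator_username_length, $mybb->settings['minnamelength'], $mybb->settings['maxnamelength']);
			$validator_extra .= "\tregValidator.register('username', 'length', {min: {$mybb->settings['minnamelength']}, max: {$mybb->settings['maxnamelength']}, failure_message:'{$lang->js_validator_username_length}'});\n";
		}

		$languages = $lang->get_languages();
		$langoptions = '';
		foreach($languages as $lname => $language)
		{
			$language = htmlspecialchars_uni($language);
			if($user['language'] == $lname)
			{
				$langoptions .= "<option value=\"$lname\" selected=\"selected\">$language</option>\n";
			}
			else
			{
				$langoptions .= "<option value=\"$lname\">$language</option>\n";
			}
		}

		$plugins->run_hooks("member_register_end");

		eval("\$registration = \"".$templates->get("member_register")."\";");
		output_page($registration);
	}
}

// activate: confirm a registration ('r') or an e-mail change ('e') with the
// code stored in awaitingactivation.
if($mybb->input['action'] == "activate")
{
	$plugins->run_hooks("member_activate_start");

	if($mybb->input['username'])
	{
		// Fix: this switch read $mybb->settings['username'], while the error
		// switch below and the other handlers in this file use
		// 'username_method'; the lookup now follows the same setting.
		switch($mybb->settings['username_method'])
		{
			case 0:
				$query = $db->simple_select("users", "*", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['username']))."'", array('limit' => 1));
				break;
			case 1:
				$query = $db->simple_select("users", "*", "LOWER(email)='".$db->escape_string(my_strtolower($mybb->input['username']))."'", array('limit' => 1));
				break;
			case 2:
				$query = $db->simple_select("users", "*", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['username']))."' OR LOWER(email)='".$db->escape_string(my_strtolower($mybb->input['username']))."'", array('limit' => 1));
				break;
			default:
				$query = $db->simple_select("users", "*", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['username']))."'", array('limit' => 1));
				break;
		}
		$user = $db->fetch_array($query);
		if(!$user['username'])
		{
			switch($mybb->settings['username_method'])
			{
				case 0:
					error($lang->error_invalidpworusername);
					break;
				case 1:
					error($lang->error_invalidpworusername1);
					break;
				case 2:
					error($lang->error_invalidpworusername2);
					break;
				default:
					error($lang->error_invalidpworusername);
					break;
			}
		}
		$uid = $user['uid'];
	}
	else
	{
		$query = $db->simple_select("users", "*", "uid='".intval($mybb->input['uid'])."'");
		$user = $db->fetch_array($query);
	}
	if($mybb->input['code'] && $user['uid'])
	{
		$mybb->settings['awaitingusergroup'] = "5";
		$query = $db->simple_select("awaitingactivation", "*", "uid='".$user['uid']."' AND (type='r' OR type='e')");
		$activation = $db->fetch_array($query);
		if(!$activation['uid'])
		{
			error($lang->error_alreadyactivated);
		}
		// Fix: compare the code as a string with !==. The loose != lets PHP
		// treat two different numeric-looking strings as equal, and would also
		// accept a non-string request value for comparison.
		if(!is_string($mybb->input['code']) || (string)$activation['code'] !== $mybb->input['code'])
		{
			error($lang->error_badactivationcode);
		}
		// The code is single use: the pending row is removed once it matches.
		$db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND (type='r' OR type='e')");
		if($user['usergroup'] == 5 && $activation['type'] != "e")
		{
			$db->update_query("users", array("usergroup" => 2), "uid='".$user['uid']."'");
		}
		if($activation['type'] == "e")
		{
			$newemail = array(
				"email" => $db->escape_string($activation['misc']),
			);
			$db->update_query("users", $newemail, "uid='".$user['uid']."'");
			$plugins->run_hooks("member_activate_emailupdated");

			redirect("usercp.php", $lang->redirect_emailupdated);
		}
		else
		{
			$plugins->run_hooks("member_activate_accountactivated");

			redirect("index.php", $lang->redirect_accountactivated);
		}
	}
	else
	{
		$plugins->run_hooks("member_activate_form");

		eval("\$activate = \"".$templates->get("member_activate")."\";");
		output_page($activate);
	}
}

// resendactivation: show the "resend activation e-mail" form.
if($mybb->input['action'] == "resendactivation")
{
	$plugins->run_hooks("member_resendactivation");

	if($mybb->settings['regtype'] == "admin")
	{
		error($lang->error_activated_by_admin);
	}
	if($mybb->user['uid'] && $mybb->user['usergroup'] != 5)
	{
		error($lang->error_alreadyactivated);
	}

	eval("\$activate = \"".$templates->get("member_resendactivation")."\";");
	output_page($activate);
}

// do_resendactivation: mail the activation code again to every awaiting
// account registered under the submitted address.
if($mybb->input['action'] == "do_resendactivation" && $mybb->request_method == "post")
{
	$plugins->run_hooks("member_do_resendactivation_start");

	if($mybb->settings['regtype'] == "admin")
	{
		error($lang->error_activated_by_admin);
	}

	$query = $db->query("
		SELECT u.uid, u.username, u.usergroup, u.email, a.code
		FROM ".TABLE_PREFIX."users u
		LEFT JOIN ".TABLE_PREFIX."awaitingactivation a ON (a.uid=u.uid AND a.type='r')
		WHERE u.email='".$db->escape_string($mybb->input['email'])."'
	");
	$numusers = $db->num_rows($query);
	if($numusers < 1)
	{
		// NOTE(review): a distinct error for an unknown address tells the caller
		// whether that e-mail is registered; a uniform response would not.
		error($lang->error_invalidemail);
	}
	else
	{
		while($user = $db->fetch_array($query))
		{
			if($user['usergroup'] == 5)
			{
				if(!$user['code'])
				{
					$user['code'] = random_str();
					$now = TIME_NOW;
					$uid = $user['uid'];
					$awaitingarray = array(
						"uid" => $uid,
						"dateline" => TIME_NOW,
						"code" => $user['code'],
						"type" => "r"
					);
					$db->insert_query("awaitingactivation", $awaitingarray);
				}
				$username = $user['username'];
				$email = $user['email'];
				$activationcode = $user['code'];
				$emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
				switch($mybb->settings['username_method'])
				{
					case 0:
						$emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
						break;
					case 1:
						$emailmessage = $lang->sprintf($lang->email_activateaccount1, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
						break;
					case 2:
						$emailmessage = $lang->sprintf($lang->email_activateaccount2, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
						break;
					default:
						$emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
						break;
				}
				my_mail($email, $emailsubject, $emailmessage);
			}
		}
		$plugins->run_hooks("member_do_resendactivation_end");

		redirect("index.php", $lang->redirect_activationresent);
	}
}

// lostpw: show the "lost password" form.
if($mybb->input['action'] == "lostpw")
{
	$plugins->run_hooks("member_lostpw");

	eval("\$lostpw = \"".$templates->get("member_lostpw")."\";");
	output_page($lostpw);
}

// do_lostpw: issue a fresh reset code (type 'p') for every account with the
// submitted address and mail it to the address on record.
if($mybb->input['action'] == "do_lostpw" && $mybb->request_method == "post")
{
	$plugins->run_hooks("member_do_lostpw_start");

	// Fix: removed a statement that escaped an undefined $email; the query
	// below escapes the submitted address itself.
	$query = $db->simple_select("users", "*", "email='".$db->escape_string($mybb->input['email'])."'");
	$numusers = $db->num_rows($query);
	if($numusers < 1)
	{
		// NOTE(review): as in do_resendactivation, this error reveals whether
		// the address belongs to an account.
		error($lang->error_invalidemail);
	}
	else
	{
		while($user = $db->fetch_array($query))
		{
			// Any earlier reset code for this user is replaced by the new one.
			$db->delete_query("awaitingactivation", "uid='{$user['uid']}' AND type='p'");
			$user['activationcode'] = random_str();
			$now = TIME_NOW;
			$uid = $user['uid'];
			$awaitingarray = array(
				"uid" => $user['uid'],
				"dateline" => TIME_NOW,
				"code" => $user['activationcode'],
				"type" => "p"
			);
			$db->insert_query("awaitingactivation", $awaitingarray);
			$username = $user['username'];
			$email = $user['email'];
			$activationcode = $user['activationcode'];
			$emailsubject = $lang->sprintf($lang->emailsubject_lostpw, $mybb->settings['bbname']);
			switch($mybb->settings['username_method'])
			{
				case 0:
					$emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
					break;
				case 1:
					$emailmessage = $lang->sprintf($lang->email_lostpw1, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
					break;
				case 2:
					$emailmessage = $lang->sprintf($lang->email_lostpw2, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
					break;
				default:
					$emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
					break;
			}
			my_mail($email, $emailsubject, $emailmessage);
		}
	}
	$plugins->run_hooks("member_do_lostpw_end");

	redirect("index.php", $lang->redirect_lostpwsent);
}
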
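// Password reset, second step. The account is looked up by the submitted
// login name, or by uid when no name is given. With a code present, the pending
// reset entry is checked and consumed and a new random password is set and
// mailed; otherwise the reset form is shown.
//
// Review notes:
// - The branch that changes the password is not tied to a POST request or a
//   post key. Presumably the mailed message carries a link built from bburl,
//   uid and code; anything that fetches such a link would perform the reset.
// - An unknown login name produces its own error, which lets a caller tell
//   whether a name or address exists.
// - The dateline stored with the code is not consulted here, so no expiry is
//   enforced in this block.
// - The new password is sent in clear text by e-mail, and only an md5 digest
//   plus the existing salt is handed to update_password() (defined elsewhere).
if($mybb->input['action'] == "resetpassword")
{
	$plugins->run_hooks("member_resetpassword_start");

	if($mybb->input['username'])
	{
		// Lower-cased and escaped once; reused for every lookup variant below.
		$reset_lookup = $db->escape_string(my_strtolower($mybb->input['username']));
		switch($mybb->settings['username_method'])
		{
			case 1:
				$reset_where = "LOWER(email)='".$reset_lookup."'";
				break;
			case 2:
				$reset_where = "LOWER(username)='".$reset_lookup."' OR LOWER(email)='".$reset_lookup."'";
				break;
			case 0:
			default:
				$reset_where = "LOWER(username)='".$reset_lookup."'";
				break;
		}
		$query = $db->simple_select("users", "*", $reset_where);
		$user = $db->fetch_array($query);
		if(!$user['uid'])
		{
			switch($mybb->settings['username_method'])
			{
				case 1:
					error($lang->error_invalidpworusername1);
					break;
				case 2:
					error($lang->error_invalidpworusername2);
					break;
				case 0:
				default:
					error($lang->error_invalidpworusername);
					break;
			}
		}
	}
	else
	{
		// intval() keeps the uid numeric before it reaches the query.
		$query = $db->simple_select("users", "*", "uid='".intval($mybb->input['uid'])."'");
		$user = $db->fetch_array($query);
	}
	if($mybb->input['code'] && $user['uid'])
	{
		$query = $db->simple_select("awaitingactivation", "*", "uid='".$user['uid']."' AND type='p'");
		$activation = $db->fetch_array($query);
		$now = TIME_NOW;

		// The submitted code must be a string identical to the stored one. A
		// loose != lets PHP compare numeric-looking strings by value (for
		// example "0e1" and "00" are equal under ==), so a different string
		// could pass for the real code.
		// NOTE(review): this is still not a constant-time comparison; use
		// hash_equals() where the runtime provides it.
		$submitted_code = $mybb->input['code'];
		if(!is_string($submitted_code) || !is_array($activation) || (string)$activation['code'] !== $submitted_code)
		{
			error($lang->error_badlostpwcode);
		}

		// The code is single-use: it is removed before the password changes.
		$db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND type='p'");
		$username = $user['username'];

		// Generate a new password, then update it
		$password_length = intval($mybb->settings['minpasswordlength']);

		// Never generate fewer than 8 characters, whatever the board minimum is.
		if($password_length < 8)
		{
			$password_length = 8;
		}

		$password = random_str($password_length);
		$logindetails = update_password($user['uid'], md5($password), $user['salt']);

		$email = $user['email'];

		$plugins->run_hooks("member_resetpassword_process");

		$emailsubject = $lang->sprintf($lang->emailsubject_passwordreset, $mybb->settings['bbname']);
		$emailmessage = $lang->sprintf($lang->email_passwordreset, $username, $mybb->settings['bbname'], $password);
		my_mail($email, $emailsubject, $emailmessage);

		$plugins->run_hooks("member_resetpassword_reset");

		error($lang->redirect_passwordreset);
	}
	else
	{
		$plugins->run_hooks("member_resetpassword_form");

		// Label for the name field follows the configured login method.
		switch($mybb->settings['username_method'])
		{
			case 1:
				$lang_username = $lang->username1;
				break;
			case 2:
				$lang_username = $lang->username2;
				break;
			case 0:
			default:
				$lang_username = $lang->username;
				break;
		}

		eval("\$activate = \"".$templates->get("member_resetpassword")."\";");
		output_page($activate);
	}
}

$do_captcha = $correct = false;
$inline_errors = "";
if($mybb->input['action'] == "do_login" && $mybb->request_method == "post")
{
	$plugins->run_hooks("member_do_login_start");

	// Checks to make sure the user can login; they haven't had too many tries at logging in.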
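// Is a fatal call if user has had too many tries
	$logins = login_attempt_check();
	$login_text = '';

	// Did we come from the quick login form
	if($mybb->input['quick_login'] == "1" && $mybb->input['quick_password'] && $mybb->input['quick_username'])
	{
		$mybb->input['password'] = $mybb->input['quick_password'];
		$mybb->input['username'] = $mybb->input['quick_username'];
		$mybb->input['remember'] = $mybb->input['quick_remember'];
	}

	if(!username_exists($mybb->input['username']))
	{
		// NOTE(review): this counter lives in a cookie, which the client can
		// clear or rewrite; it cannot be the only record of failed attempts.
		my_setcookie('loginattempts', $logins + 1);
		switch($mybb->settings['username_method'])
		{
			case 1:
				error($lang->error_invalidpworusername1.$login_text);
				break;
			case 2:
				error($lang->error_invalidpworusername2.$login_text);
				break;
			case 0:
			default:
				error($lang->error_invalidpworusername.$login_text);
				break;
		}
	}

	// One predicate for both reading and bumping the stored attempt counter.
	// The read matches the login name against username or e-mail. Bumping on
	// username alone would leave failed logins by e-mail address uncounted on
	// the server side, so only the client-held cookie would track them.
	$login_name = $db->escape_string(my_strtolower($mybb->input['username']));
	$login_where = "LOWER(username)='".$login_name."' OR LOWER(email)='".$login_name."'";

	$query = $db->simple_select("users", "loginattempts", $login_where, array('limit' => 1));
	$loginattempts = $db->fetch_field($query, "loginattempts");

	$errors = array();

	$user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
	if(!$user['uid'])
	{
		my_setcookie('loginattempts', $logins + 1);
		// Last argument (true) passes the increment expression through unquoted.
		$db->update_query("users", array('loginattempts' => 'loginattempts+1'), $login_where, 1, true);

		$mybb->input['action'] = "login";
		$mybb->input['request_method'] = "get";

		if($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1)
		{
			$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
		}

		// The same message is used for a wrong password as for an unknown name
		// above, though that case ends in error() rather than an inline error.
		switch($mybb->settings['username_method'])
		{
			case 1:
				$errors[] = $lang->error_invalidpworusername1.$login_text;
				break;
			case 2:
				$errors[] = $lang->error_invalidpworusername2.$login_text;
				break;
			case 0:
			default:
				$errors[] = $lang->error_invalidpworusername.$login_text;
				break;
		}
	}
	else
	{
		$correct = true;
	}

	// A captcha is demanded once either the stored counter or the cookie counter
	// passes the configured threshold.
	if($mybb->settings['failedcaptchalogincount'] > 0 && ($loginattempts > $mybb->settings['failedcaptchalogincount'] || intval($mybb->cookies['loginattempts']) > $mybb->settings['failedcaptchalogincount']))
	{
		// Show captcha image if enabled
		if($mybb->settings['captchaimage'] == 1 && function_exists("imagepng"))
		{
			// Check their current captcha input - if correct, hide the captcha input area
			if($mybb->input['imagestring'])
			{
				$imagehash = $db->escape_string($mybb->input['imagehash']);
				$imagestring = $db->escape_string($mybb->input['imagestring']);
				$query = $db->simple_select("captcha", "*", "imagehash='{$imagehash}' AND imagestring='{$imagestring}'");
				$imgcheck = $db->fetch_array($query);
				if($imgcheck['dateline'] > 0)
				{
					$correct = true;
				}
				else
				{
					$errors[] = $lang->error_regimageinvalid;
				}

				// A captcha is single-use whether it was solved or not. Leaving a
				// solved row in place would let one answer be replayed for any
				// number of further password guesses.
				$db->delete_query("captcha", "imagehash='{$imagehash}'");
			}
			else
			{
				// No answer supplied, from either the full or the quick login form.
				$errors[] = $lang->error_regimagerequired;
			}
		}

		$do_captcha = true;
	}

	if(!empty($errors))
	{
		// Fall through to the login form below with the collected errors.
		$mybb->input['action'] = "login";
		$mybb->input['request_method'] = "get";

		$inline_errors = inline_error($errors);
	}
	else if($correct)
	{
		if($user['coppauser'])
		{
			error($lang->error_awaitingcoppa);
		}

		my_setcookie('loginattempts', 1);
		$db->delete_query("sessions", "ip='".$db->escape_string($session->ipaddress)."' AND sid != '".$session->sid."'");

		// NOTE(review): the session id issued before login is kept and only bound
		// to the uid here. Rotating it at this point would guard against session
		// fixation; confirm whether the session class does so elsewhere.
		$newsession = array(
			"uid" => $user['uid'],
		);
		$db->update_query("sessions", $newsession, "sid='".$session->sid."'");

		$db->update_query("users", array("loginattempts" => 1), "uid='{$user['uid']}'");

		// -1 is passed unless "remember me" was ticked, null otherwise; the
		// meaning of both values is decided inside my_setcookie() (not shown).
		$remember = ($mybb->input['remember'] != "yes") ? -1 : null;
		my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], $remember, true);
		my_setcookie("sid", $session->sid, -1, true);

		$plugins->run_hooks("member_do_login_end");

		if($mybb->input['url'] != "" && my_strpos(basename($mybb->input['url']), 'member.php') === false)
		{
			if((my_strpos(basename($mybb->input['url']), 'newthread.php') !== false || my_strpos(basename($mybb->input['url']), 'newreply.php') !== false) && my_strpos($mybb->input['url'], '&processed=1') !== false)
			{
				$mybb->input['url'] = str_replace('&processed=1', '', $mybb->input['url']);
			}

			// NOTE(review): as shown, search and replacement are the same string,
			// so this call changes nothing. Presumably the page rendering decoded
			// an HTML entity in the first argument; confirm against the file.
			$mybb->input['url'] = str_replace('&', '&', $mybb->input['url']);

			// Redirect to the URL if it is not member.php
			// NOTE(review): the target comes from the request and is only checked
			// for not being member.php; htmlentities() escapes it for output but
			// does not limit the host. Confirm that redirect() (not shown)
			// restricts targets to this board, or validate the URL here.
			redirect(htmlentities($mybb->input['url']), $lang->redirect_loggedin);
		}
		else
		{
			redirect("index.php", $lang->redirect_loggedin);
		}
	}
	else
	{
		$mybb->input['action'] = "login";
		$mybb->input['request_method'] = "get";
	}

	$plugins->run_hooks("member_do_login_end");
}

// Login form. Also reached from do_login above when the attempt failed, with
// $inline_errors and $do_captcha already set by that block.
if($mybb->input['action'] == "login")
{
	$plugins->run_hooks("member_login");

	$member_loggedin_notice = "";
	if($mybb->user['uid'] != 0)
	{
		$lang->already_logged_in = $lang->sprintf($lang->already_logged_in, build_profile_link($mybb->user['username'], $mybb->user['uid']));
		eval("\$member_loggedin_notice = \"".$templates->get("member_loggedin_notice")."\";");
	}

	// Checks to make sure the user can login; they haven't had too many tries at logging in.
	// Is a fatal call if user has had too many tries
	login_attempt_check();

	// Redirect to the page where the user came from, but not if that was the login page.
	// The Referer header is client-supplied; it is HTML-escaped here for the template.
	if($_SERVER['HTTP_REFERER'] && strpos($_SERVER['HTTP_REFERER'], "action=login") === false)
	{
		$redirect_url = htmlentities($_SERVER['HTTP_REFERER']);
	}
	else
	{
		$redirect_url = '';
	}

	$captcha = "";
	// Show captcha image for guests if enabled
	if($mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && $do_captcha == true)
	{
		// NOTE(review): both values come from random_str() (defined elsewhere);
		// confirm its randomness source is adequate for a captcha answer.
		$randomstr = random_str(5);
		$imagehash = md5(random_str(12));
		$imagearray = array(
			"imagehash" => $imagehash,
			"imagestring" => $randomstr,
			"dateline" => TIME_NOW
		);
		$db->insert_query("captcha", $imagearray);
		eval("\$captcha = \"".$templates->get("post_captcha")."\";");
	}

	$username = "";
	$password = "";
	if($mybb->input['username'] && $mybb->request_method == "post")
	{
		$username = htmlspecialchars_uni($mybb->input['username']);
	}

	// NOTE(review): the submitted password is escaped and kept for the template,
	// presumably to refill the form after a failed attempt. That writes the
	// password into the response body; consider leaving the field empty.
	if($mybb->input['password'] && $mybb->request_method == "post")
	{
		$password = htmlspecialchars_uni($mybb->input['password']);
	}

	switch($mybb->settings['username_method'])
	{
		case 1:
			$lang->username = $lang->username1;
			break;
		case 2:
			$lang->username = $lang->username2;
			break;
		default:
			break;
	}
	eval("\$login = \"".$templates->get("member_login")."\";");
	output_page($login);
}

if($mybb->input['action'] == "logout")
{
	$plugins->run_hooks("member_logout_start");

	if(!$mybb->user['uid'])
	{
		redirect("index.php", $lang->redirect_alreadyloggedout);
	}

	// Check session ID if we have one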
1369 if($mybb->input['sid'] && $mybb->input['sid'] != $session->sid) 1370 { 1371 error($lang->error_notloggedout); 1372 } 1373 // Otherwise, check logoutkey 1374 else if(!$mybb->input['sid'] && $mybb->input['logoutkey'] != $mybb->user['logoutkey']) 1375 { 1376 error($lang->error_notloggedout); 1377 } 1378 1379 my_unsetcookie("mybbuser"); 1380 my_unsetcookie("sid"); 1381 if($mybb->user['uid']) 1382 { 1383 $time = TIME_NOW; 1384 $lastvisit = array( 1385 "lastactive" => $time-900, 1386 "lastvisit" => $time, 1387 ); 1388 $db->update_query("users", $lastvisit, "uid='".$mybb->user['uid']."'"); 1389 $db->delete_query("sessions", "sid='".$session->sid."'"); 1390 } 1391 $plugins->run_hooks("member_logout_end"); 1392 redirect("index.php", $lang->redirect_loggedout); 1393 } 1394 1395 if($mybb->input['action'] == "profile") 1396 { 1397 $plugins->run_hooks("member_profile_start"); 1398 1399 if($mybb->usergroup['canviewprofiles'] == 0) 1400 { 1401 error_no_permission(); 1402 } 1403 if($mybb->input['uid'] == "lastposter") 1404 { 1405 if($mybb->input['tid']) 1406 { 1407 $query = $db->simple_select("posts", "uid", "tid='".intval($mybb->input['tid'])."' AND visible = 1", array('order_by' => 'dateline', 'order_dir' => 'DESC', 'limit' => '1')); 1408 $post = $db->fetch_array($query); 1409 $uid = $post['uid']; 1410 } 1411 elseif($mybb->input['fid']) 1412 { 1413 $flist = ''; 1414 switch($db->type) 1415 { 1416 case "pgsql": 1417 case "sqlite": 1418 $query = $db->simple_select("forums", "fid", "INSTR(','||parentlist||',',',".intval($mybb->input['fid']).",') > 0"); 1419 break; 1420 default: 1421 $query = $db->simple_select("forums", "fid", "INSTR(CONCAT(',',parentlist,','),',".intval($mybb->input['fid']).",') > 0"); 1422 } 1423 1424 while($forum = $db->fetch_array($query)) 1425 { 1426 if($forum['fid'] == $mybb->input['fid']) 1427 { 1428 $theforum = $forum; 1429 } 1430 $flist .= ",".$forum['fid']; 1431 } 1432 $query = $db->simple_select("threads", "tid", "fid IN (0$flist) AND visible = 1", 
array('order_by' => 'lastpost', 'order_dir' => 'DESC', 'limit' => '1')); 1433 $thread = $db->fetch_array($query); 1434 $tid = $thread['tid']; 1435 $query = $db->simple_select("posts", "uid", "tid='$tid' AND visible = 1", array('order_by' => 'dateline', 'order_dir' => 'DESC', 'limit' => '1')); 1436 $post = $db->fetch_array($query); 1437 $uid = $post['uid']; 1438 } 1439 } 1440 else 1441 { 1442 if($mybb->input['uid']) 1443 { 1444 $uid = intval($mybb->input['uid']); 1445 } 1446 else 1447 { 1448 $uid = $mybb->user['uid']; 1449 } 1450 } 1451 1452 if($mybb->user['uid'] != $uid) 1453 { 1454 $memprofile = get_user($uid); 1455 } 1456 else 1457 { 1458 $memprofile = $mybb->user; 1459 } 1460 1461 $lang->profile = $lang->sprintf($lang->profile, $memprofile['username']); 1462 1463 if(!$memprofile['uid']) 1464 { 1465 error($lang->error_nomember); 1466 } 1467 1468 // Get member's permissions 1469 $memperms = user_permissions($memprofile['uid']); 1470 1471 $lang->nav_profile = $lang->sprintf($lang->nav_profile, $memprofile['username']); 1472 add_breadcrumb($lang->nav_profile); 1473 1474 $lang->users_forum_info = $lang->sprintf($lang->users_forum_info, $memprofile['username']); 1475 $lang->users_contact_details = $lang->sprintf($lang->users_contact_details, $memprofile['username']); 1476 1477 if($mybb->settings['enablepms'] != 0 && (($memprofile['receivepms'] != 0 && $memperms['canusepms'] != 0 && my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false) || $mybb->usergroup['canoverridepm'] == 1)) 1478 { 1479 $lang->send_pm = $lang->sprintf($lang->send_pm, $memprofile['username']); 1480 } 1481 else 1482 { 1483 $lang->send_pm = ''; 1484 } 1485 $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']); 1486 $lang->users_additional_info = $lang->sprintf($lang->users_additional_info, $memprofile['username']); 1487 $lang->users_signature = $lang->sprintf($lang->users_signature, $memprofile['username']); 1488 $lang->send_user_email = 
$lang->sprintf($lang->send_user_email, $memprofile['username']); 1489 1490 if($memprofile['avatar']) 1491 { 1492 $memprofile['avatar'] = htmlspecialchars_uni($memprofile['avatar']); 1493 $avatar_dimensions = explode("|", $memprofile['avatardimensions']); 1494 if($avatar_dimensions[0] && $avatar_dimensions[1]) 1495 { 1496 $avatar_width_height = "width=\"{$avatar_dimensions[0]}\" height=\"{$avatar_dimensions[1]}\""; 1497 } 1498 $avatar = "<img src=\"{$memprofile['avatar']}\" alt=\"\" $avatar_width_height />"; 1499 } 1500 else 1501 { 1502 $avatar = ''; 1503 } 1504 1505 if($memprofile['hideemail'] != 1 && (my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false || $mybb->usergroup['cansendemailoverride'] != 0)) 1506 { 1507 eval("\$sendemail = \"".$templates->get("member_profile_email")."\";"); 1508 } 1509 else 1510 { 1511 $alttrow = "trow1"; // To properly sort the contact details below 1512 $sendemail = ''; 1513 } 1514 1515 // Clean alt_trow for the contact details 1516 $cat_array = array( 1517 "pm", 1518 "icq", 1519 "aim", 1520 "yahoo", 1521 "msn", 1522 ); 1523 1524 $bgcolors = array(); 1525 foreach($cat_array as $cat) 1526 { 1527 $bgcolors[$cat] = alt_trow(); 1528 } 1529 1530 if($memprofile['website']) 1531 { 1532 $memprofile['website'] = htmlspecialchars_uni($memprofile['website']); 1533 $website = "<a href=\"{$memprofile['website']}\" target=\"_blank\">{$memprofile['website']}</a>"; 1534 } 1535 else 1536 { 1537 $website = ''; 1538 } 1539 1540 if($memprofile['signature'] && ($memprofile['suspendsignature'] == 0 || $memprofile['suspendsigtime'] < TIME_NOW)) 1541 { 1542 $sig_parser = array( 1543 "allow_html" => $mybb->settings['sightml'], 1544 "allow_mycode" => $mybb->settings['sigmycode'], 1545 "allow_smilies" => $mybb->settings['sigsmilies'], 1546 "allow_imgcode" => $mybb->settings['sigimgcode'], 1547 "me_username" => $memprofile['username'], 1548 "filter_badwords" => 1 1549 ); 1550 1551 $memprofile['signature'] = 
$parser->parse_message($memprofile['signature'], $sig_parser); 1552 eval("\$signature = \"".$templates->get("member_profile_signature")."\";"); 1553 } 1554 1555 $daysreg = (TIME_NOW - $memprofile['regdate']) / (24*3600); 1556 1557 if($daysreg < 1) 1558 { 1559 $daysreg = 1; 1560 } 1561 1562 $ppd = $memprofile['postnum'] / $daysreg; 1563 $ppd = round($ppd, 2); 1564 if($ppd > $memprofile['postnum']) 1565 { 1566 $ppd = $memprofile['postnum']; 1567 } 1568 $stats = $cache->read("stats"); 1569 $numposts = $stats['numposts']; 1570 if($numposts == 0) 1571 { 1572 $percent = "0"; 1573 } 1574 else 1575 { 1576 $percent = $memprofile['postnum']*100/$numposts; 1577 $percent = round($percent, 2); 1578 } 1579 1580 if($percent > 100) 1581 { 1582 $percent = 100; 1583 } 1584 1585 if(!empty($memprofile['icq'])) 1586 { 1587 $memprofile['icq'] = intval($memprofile['icq']); 1588 } 1589 else 1590 { 1591 $memprofile['icq'] = ''; 1592 } 1593 1594 if($memprofile['away'] == 1 && $mybb->settings['allowaway'] != 0) 1595 { 1596 $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']); 1597 $awaydate = my_date($mybb->settings['dateformat'], $memprofile['awaydate']); 1598 if(!empty($memprofile['awayreason'])) 1599 { 1600 $awayreason = htmlspecialchars_uni($memprofile['awayreason']); 1601 } 1602 else 1603 { 1604 $awayreason = $lang->away_no_reason; 1605 } 1606 if($memprofile['returndate'] == '') 1607 { 1608 $returndate = "$lang->unknown"; 1609 } 1610 else 1611 { 1612 $returnhome = explode("-", $memprofile['returndate']); 1613 1614 // PHP native date functions use integers so timestamps for years after 2038 will not work 1615 // Thus we use adodb_mktime 1616 if($returnhome[2] >= 2038) 1617 { 1618 require_once MYBB_ROOT."inc/functions_time.php"; 1619 $returnmkdate = adodb_mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]); 1620 $returndate = my_date($mybb->settings['dateformat'], $returnmkdate, "", 1, true); 1621 } 1622 else 1623 { 1624 $returnmkdate = mktime(0, 0, 0, 
$returnhome[1], $returnhome[0], $returnhome[2]); 1625 $returndate = my_date($mybb->settings['dateformat'], $returnmkdate); 1626 } 1627 1628 // If our away time has expired already, we should be back, right? 1629 if ($returnmkdate < TIME_NOW) 1630 { 1631 $db->update_query('users', array('away' => '0', 'awaydate' => '', 'returndate' => '', 'awayreason' => ''), 'uid=\''.intval($memprofile['uid']).'\''); 1632 1633 // Update our status to "not away" 1634 $memprofile['away'] = 0; 1635 } 1636 } 1637 1638 // Check if our away status is set to 1, it may have been updated already (see a few lines above) 1639 if ($memprofile['away'] == 1) 1640 { 1641 eval("\$awaybit = \"".$templates->get("member_profile_away")."\";"); 1642 } 1643 } 1644 if($memprofile['dst'] == 1) 1645 { 1646 $memprofile['timezone']++; 1647 if(my_substr($memprofile['timezone'], 0, 1) != "-") 1648 { 1649 $memprofile['timezone'] = "+{$memprofile['timezone']}"; 1650 } 1651 } 1652 $memregdate = my_date($mybb->settings['dateformat'], $memprofile['regdate']); 1653 $memlocaldate = gmdate($mybb->settings['dateformat'], TIME_NOW + ($memprofile['timezone'] * 3600)); 1654 $memlocaltime = gmdate($mybb->settings['timeformat'], TIME_NOW + ($memprofile['timezone'] * 3600)); 1655 1656 $localtime = $lang->sprintf($lang->local_time_format, $memlocaldate, $memlocaltime); 1657 1658 if($memprofile['lastactive']) 1659 { 1660 $memlastvisitdate = my_date($mybb->settings['dateformat'], $memprofile['lastactive']); 1661 $memlastvisitsep = $lang->comma; 1662 $memlastvisittime = my_date($mybb->settings['timeformat'], $memprofile['lastactive']); 1663 } 1664 else 1665 { 1666 $memlastvisitdate = $lang->lastvisit_never; 1667 $memlastvisitsep = ''; 1668 $memlastvisittime = ''; 1669 } 1670 1671 if($memprofile['birthday']) 1672 { 1673 $membday = explode("-", $memprofile['birthday']); 1674 1675 if($memprofile['birthdayprivacy'] != 'none') 1676 { 1677 if($membday[0] && $membday[1] && $membday[2]) 1678 { 1679 $lang->membdayage = 
$lang->sprintf($lang->membdayage, get_age($memprofile['birthday'])); 1680 1681 if($membday[2] >= 1970) 1682 { 1683 $w_day = date("l", mktime(0, 0, 0, $membday[1], $membday[0], $membday[2])); 1684 $membday = format_bdays($mybb->settings['dateformat'], $membday[1], $membday[0], $membday[2], $w_day); 1685 } 1686 else 1687 { 1688 $bdayformat = fix_mktime($mybb->settings['dateformat'], $membday[2]); 1689 $membday = mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]); 1690 $membday = date($bdayformat, $membday); 1691 } 1692 $membdayage = $lang->membdayage; 1693 } 1694 elseif($membday[2]) 1695 { 1696 $membday = mktime(0, 0, 0, 1, 1, $membday[2]); 1697 $membday = date("Y", $membday); 1698 $membdayage = ''; 1699 } 1700 else 1701 { 1702 $membday = mktime(0, 0, 0, $membday[1], $membday[0], 0); 1703 $membday = date("F j", $membday); 1704 $membdayage = ''; 1705 } 1706 } 1707 1708 if($memprofile['birthdayprivacy'] == 'age') 1709 { 1710 $membday = $lang->birthdayhidden; 1711 } 1712 else if($memprofile['birthdayprivacy'] == 'none') 1713 { 1714 $membday = $lang->birthdayhidden; 1715 $membdayage = ''; 1716 } 1717 } 1718 else 1719 { 1720 $membday = $lang->not_specified; 1721 $membdayage = ''; 1722 } 1723 1724 if(!$memprofile['displaygroup']) 1725 { 1726 $memprofile['displaygroup'] = $memprofile['usergroup']; 1727 } 1728 1729 // Grab the following fields from the user's displaygroup 1730 $displaygroupfields = array( 1731 "title", 1732 "usertitle", 1733 "stars", 1734 "starimage", 1735 "image", 1736 "usereputationsystem" 1737 ); 1738 $displaygroup = usergroup_displaygroup($memprofile['displaygroup']); 1739 1740 // Get the user title for this user 1741 unset($usertitle); 1742 unset($stars); 1743 if(trim($memprofile['usertitle']) != '') 1744 { 1745 // User has custom user title 1746 $usertitle = $memprofile['usertitle']; 1747 } 1748 elseif(trim($displaygroup['usertitle']) != '') 1749 { 1750 // User has group title 1751 $usertitle = $displaygroup['usertitle']; 1752 } 1753 else 1754 { 
1755 // No usergroup title so get a default one 1756 $usertitles = $cache->read('usertitles'); 1757 1758 if(is_array($usertitles)) 1759 { 1760 foreach($usertitles as $title) 1761 { 1762 if($memprofile['postnum'] >= $title['posts']) 1763 { 1764 $usertitle = $title['title']; 1765 $stars = $title['stars']; 1766 $starimage = $title['starimage']; 1767 1768 break; 1769 } 1770 } 1771 } 1772 } 1773 1774 if($displaygroup['stars'] || $displaygroup['usertitle']) 1775 { 1776 // Set the number of stars if display group has constant number of stars 1777 $stars = $displaygroup['stars']; 1778 } 1779 elseif(!$stars) 1780 { 1781 if(!is_array($usertitles)) 1782 { 1783 $usertitles = $cache->read('usertitles'); 1784 } 1785 1786 // This is for cases where the user has a title, but the group has no defined number of stars (use number of stars as per default usergroups) 1787 if(is_array($usertitles)) 1788 { 1789 foreach($usertitles as $title) 1790 { 1791 if($memprofile['postnum'] >= $title['posts']) 1792 { 1793 $stars = $title['stars']; 1794 $starimage = $title['starimage']; 1795 break; 1796 } 1797 } 1798 } 1799 } 1800 1801 if(!empty($displaygroup['image'])) 1802 { 1803 if(!empty($mybb->user['language'])) 1804 { 1805 $language = $mybb->user['language']; 1806 } 1807 else 1808 { 1809 $language = $mybb->settings['bblanguage']; 1810 } 1811 $displaygroup['image'] = str_replace("{lang}", $language, $displaygroup['image']); 1812 $displaygroup['image'] = str_replace("{theme}", $theme['imgdir'], $displaygroup['image']); 1813 eval("\$groupimage = \"".$templates->get("member_profile_groupimage")."\";"); 1814 } 1815 1816 if(!$starimage) 1817 { 1818 $starimage = $displaygroup['starimage']; 1819 } 1820 1821 if($starimage) 1822 { 1823 // Only display stars if we have an image to use... 
1824 $starimage = str_replace("{theme}", $theme['imgdir'], $starimage); 1825 $userstars = ''; 1826 for($i = 0; $i < $stars; ++$i) 1827 { 1828 $userstars .= "<img src=\"$starimage\" border=\"0\" alt=\"*\" />"; 1829 } 1830 } 1831 1832 // User is currently online and this user has permissions to view the user on the WOL 1833 $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins']*60; 1834 $query = $db->simple_select("sessions", "location,nopermission", "uid='$uid' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1)); 1835 $session = $db->fetch_array($query); 1836 1837 if(($memprofile['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $memprofile['uid'] == $mybb->user['uid']) && !empty($session)) 1838 { 1839 // Fetch their current location 1840 $lang->load("online"); 1841 require_once MYBB_ROOT."inc/functions_online.php"; 1842 $activity = fetch_wol_activity($session['location'], $session['nopermission']); 1843 $location = build_friendly_wol_location($activity); 1844 $location_time = my_date($mybb->settings['timeformat'], $memprofile['lastactive']); 1845 1846 eval("\$online_status = \"".$templates->get("member_profile_online")."\";"); 1847 } 1848 // User is offline 1849 else 1850 { 1851 eval("\$online_status = \"".$templates->get("member_profile_offline")."\";"); 1852 } 1853 1854 // Build Referral 1855 if($mybb->settings['usereferrals'] == 1) 1856 { 1857 // Reset the background colours to keep it inline 1858 $bg_color = alt_trow(true); 1859 1860 eval("\$referrals = \"".$templates->get("member_profile_referrals")."\";"); 1861 } 1862 else 1863 { 1864 // Manually set to override colours... 
1865 $alttrow = 'trow2'; 1866 } 1867 1868 // Fetch the reputation for this user 1869 if($memperms['usereputationsystem'] == 1 && $displaygroup['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1 && ($mybb->settings['posrep'] || $mybb->settings['neurep'] || $mybb->settings['negrep'])) 1870 { 1871 $bg_color = alt_trow(); 1872 $reputation = get_reputation($memprofile['reputation']); 1873 1874 // If this user has permission to give reputations show the vote link 1875 if($mybb->usergroup['cangivereputations'] == 1 && $memprofile['uid'] != $mybb->user['uid']) 1876 { 1877 $vote_link = "[<a href=\"javascript:MyBB.reputation({$memprofile['uid']});\">{$lang->reputation_vote}</a>]"; 1878 } 1879 1880 eval("\$reputation = \"".$templates->get("member_profile_reputation")."\";"); 1881 } 1882 1883 if($mybb->settings['enablewarningsystem'] != 0 && $memperms['canreceivewarnings'] != 0 && ($mybb->usergroup['canwarnusers'] != 0 || ($mybb->user['uid'] == $memprofile['uid'] && $mybb->settings['canviewownwarning'] != 0))) 1884 { 1885 $bg_color = alt_trow(); 1886 $warning_level = round($memprofile['warningpoints']/$mybb->settings['maxwarningpoints']*100); 1887 if($warning_level > 100) 1888 { 1889 $warning_level = 100; 1890 } 1891 $warning_level = get_colored_warning_level($warning_level); 1892 if($mybb->usergroup['canwarnusers'] != 0 && $memprofile['uid'] != $mybb->user['uid']) 1893 { 1894 eval("\$warn_user = \"".$templates->get("member_profile_warn")."\";"); 1895 $warning_link = "warnings.php?uid={$memprofile['uid']}"; 1896 } 1897 else 1898 { 1899 $warning_link = "usercp.php"; 1900 } 1901 eval("\$warning_level = \"".$templates->get("member_profile_warninglevel")."\";"); 1902 } 1903 1904 $query = $db->simple_select("userfields", "*", "ufid='$uid'"); 1905 $userfields = $db->fetch_array($query); 1906 $customfields = ''; 1907 $bgcolor = "trow1"; 1908 $alttrow = "trow1"; 1909 // If this user is an Administrator or a Moderator then we wish to show all profile fields 1910 
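// Tail of a profile-rendering block whose opening is above this excerpt, followed by the
// do_emailuser and emailuser actions. Variable names are kept as they were because the
// eval()'d templates and the plugin hooks may read them by name.
	// Staff (admin CP, super moderator or mod CP access) see every profile field;
	// everyone else only sees fields that are not flagged hidden.
	if($mybb->usergroup['cancp'] == 1 || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['canmodcp'] == 1)
	{
		$field_hidden = '1=1';
	}
	else
	{
		$field_hidden = "hidden=0";
	}
	$query = $db->simple_select("profilefields", "*", "{$field_hidden}", array('order_by' => 'disporder'));
	while($customfield = $db->fetch_array($query))
	{
		// The first line of the type column is the field type; anything after it is ignored here.
		$thing = explode("\n", $customfield['type'], "2");
		$type = trim($thing[0]);

		$field = "fid{$customfield['fid']}";
		$useropts = explode("\n", $userfields[$field]);
		$customfieldval = $comma = '';
		if(is_array($useropts) && ($type == "multiselect" || $type == "checkbox"))
		{
			foreach($useropts as $val)
			{
				if($val != '')
				{
					// Stored profile data is written into HTML here, so it gets the same
					// escaping as the single-value branch below. Whether the stored values
					// are restricted to the configured options when saved is not visible
					// in this file, so output escaping must not depend on it.
					$val = htmlspecialchars_uni($val);
					$customfieldval .= "<li style=\"margin-left: 0;\">{$val}</li>";
				}
			}
			if($customfieldval != '')
			{
				$customfieldval = "<ul style=\"margin: 0; padding-left: 15px;\">{$customfieldval}</ul>";
			}
		}
		else
		{
			if($customfield['type'] == "textarea")
			{
				$customfieldval = nl2br(htmlspecialchars_uni($userfields[$field]));
			}
			else
			{
				$customfieldval = htmlspecialchars_uni($userfields[$field]);
			}
		}

		$customfield['name'] = htmlspecialchars_uni($customfield['name']);
		// NOTE(review): template text is executed with eval() here and below. That is only
		// safe while templates can be edited by administrators alone and $templates->get()
		// escapes the text for a double-quoted string - confirm both.
		eval("\$customfields .= \"".$templates->get("member_profile_customfields_field")."\";");
		$bgcolor = alt_trow();
	}
	if($customfields)
	{
		eval("\$profilefields = \"".$templates->get("member_profile_customfields")."\";");
	}
	$memprofile['postnum'] = my_number_format($memprofile['postnum']);
	$lang->ppd_percent_total = $lang->sprintf($lang->ppd_percent_total, my_number_format($ppd), $percent);
	$formattedname = format_name($memprofile['username'], $memprofile['usergroup'], $memprofile['displaygroup']);
	if($memprofile['timeonline'] > 0)
	{
		$timeonline = nice_time($memprofile['timeonline']);
	}
	else
	{
		$timeonline = $lang->none_registered;
	}

	// Admin links are shown only to admin CP users, and only when the config does not hide them.
	if($mybb->usergroup['cancp'] == 1 && $mybb->config['hide_admin_links'] != 1)
	{
		eval("\$adminoptions = \"".$templates->get("member_profile_adminoptions")."\";");
	}
	else
	{
		$adminoptions = '';
	}

	if($mybb->usergroup['canmodcp'] == 1)
	{
		if(!empty($memprofile['usernotes']))
		{
			// Shorten the raw text first and escape afterwards. Cutting the escaped string
			// could split an entity or a <br /> tag and leave broken markup in the page.
			if(strlen($memprofile['usernotes']) > 100)
			{
				$memprofile['usernotes'] = my_substr($memprofile['usernotes'], 0, 100).'...';
			}
			$memprofile['usernotes'] = nl2br(htmlspecialchars_uni($memprofile['usernotes']));
		}
		else
		{
			$memprofile['usernotes'] = $lang->no_usernotes;
		}

		eval("\$modoptions = \"".$templates->get("member_profile_modoptions")."\";");
	}
	else
	{
		$modoptions = '';
	}

	$buddy_options = '';

	// Buddy / ignore links are offered to logged-in users looking at someone else's profile.
	if($mybb->user['uid'] != $memprofile['uid'] && $mybb->user['uid'] != 0)
	{
		// The requested uid is echoed into link targets, so it is forced to an integer
		// for output. The list lookups keep the original loose comparison.
		$profile_uid = intval($mybb->input['uid']);

		$buddy_list = explode(',', $mybb->user['buddylist']);
		if(in_array($mybb->input['uid'], $buddy_list))
		{
			$buddy_options = "<br /><a href=\"./usercp.php?action=do_editlists&delete={$profile_uid}&my_post_key={$mybb->post_code}\"><img src=\"{$theme['imgdir']}/remove_buddy.gif\" alt=\"{$lang->remove_from_buddy_list}\" /> {$lang->remove_from_buddy_list}</a>";
		}
		else
		{
			$buddy_options = "<br /><a href=\"./usercp.php?action=do_editlists&add_username=".urlencode($memprofile['username'])."&my_post_key={$mybb->post_code}\"><img src=\"{$theme['imgdir']}/add_buddy.gif\" alt=\"{$lang->add_to_buddy_list}\" /> {$lang->add_to_buddy_list}</a>";
		}

		$ignore_list = explode(',', $mybb->user['ignorelist']);
		if(in_array($mybb->input['uid'], $ignore_list))
		{
			$buddy_options .= "<br /><a href=\"./usercp.php?action=do_editlists&manage=ignored&delete={$profile_uid}&my_post_key={$mybb->post_code}\"><img src=\"{$theme['imgdir']}/remove_ignore.gif\" alt=\"{$lang->remove_from_ignore_list}\" /> {$lang->remove_from_ignore_list}</a>";
		}
		else
		{
			$buddy_options .= "<br /><a href=\"./usercp.php?action=do_editlists&manage=ignored&add_username=".urlencode($memprofile['username'])."&my_post_key={$mybb->post_code}\"><img src=\"{$theme['imgdir']}/add_ignore.gif\" alt=\"{$lang->add_to_ignore_list}\" /> {$lang->add_to_ignore_list}</a>";
		}
	}

	$plugins->run_hooks("member_profile_end");

	eval("\$profile = \"".$templates->get("member_profile")."\";");
	output_page($profile);
}
// The brace above closes a block that was opened before this excerpt.

// Send an e-mail to another member (POST handler behind the emailuser form).
if($mybb->input['action'] == "do_emailuser" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	$plugins->run_hooks("member_do_emailuser_start");

	// Guests or those without permission can't email other users
	if($mybb->usergroup['cansendemail'] == 0 || !$mybb->user['uid'])
	{
		error_no_permission();
	}

	// Check group limits: messages logged for this sender during the last 24 hours.
	// NOTE(review): the count reads maillogs, and a row is only written further down when
	// mail_logging > 0. With logging switched off the limit presumably never triggers - confirm.
	if($mybb->usergroup['maxemails'] > 0)
	{
		$query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "fromuid='{$mybb->user['uid']}' AND dateline >= '".(TIME_NOW - (60*60*24))."'");
		$sent_count = $db->fetch_field($query, "sent_count");
		if($sent_count >= $mybb->usergroup['maxemails'])
		{
			$lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
			error($lang->error_max_emails_day);
		}
	}

	// ignorelist is selected so the same recipient-side check as the form can run here.
	$query = $db->simple_select("users", "uid, username, email, hideemail, ignorelist", "uid='".intval($mybb->input['uid'])."'");
	$to_user = $db->fetch_array($query);

	if(!$to_user['username'])
	{
		error($lang->error_invalidusername);
	}

	if($to_user['hideemail'] != 0)
	{
		error($lang->error_hideemail);
	}

	// The form action refuses senders who are on the recipient's ignore list unless their
	// group has cansendemailoverride. The rule has to be enforced where the mail is sent
	// as well, otherwise posting to this action directly skips it.
	if($to_user['ignorelist'] && (my_strpos(",".$to_user['ignorelist'].",", ",".$mybb->user['uid'].",") !== false && $mybb->usergroup['cansendemailoverride'] != 1))
	{
		error_no_permission();
	}

	// $errors is appended to and counted below; make sure it exists first.
	if(!isset($errors))
	{
		$errors = array();
	}

	if(empty($mybb->input['subject']))
	{
		$errors[] = $lang->error_no_email_subject;
	}

	if(empty($mybb->input['message']))
	{
		$errors[] = $lang->error_no_email_message;
	}

	if(count($errors) == 0)
	{
		// With the SMTP handler only the bare address is used as the sender.
		if($mybb->settings['mail_handler'] == 'smtp')
		{
			$from = $mybb->user['email'];
		}
		else
		{
			$from = "{$mybb->user['username']} <{$mybb->user['email']}>";
		}

		// NOTE(review): the subject and the From display name reach my_mail() as supplied.
		// Whether CR/LF is stripped before headers are built depends on my_mail(), which
		// is not visible here - confirm.
		$message = $lang->sprintf($lang->email_emailuser, $to_user['username'], $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->input['message']);
		my_mail($to_user['email'], $mybb->input['subject'], $message, $from, "", "", false, "text", "", $mybb->user['email']);

		if($mybb->settings['mail_logging'] > 0)
		{
			// Log the message; every string value is escaped before insert_query().
			$log_entry = array(
				"subject" => $db->escape_string($mybb->input['subject']),
				"message" => $db->escape_string($mybb->input['message']),
				"dateline" => TIME_NOW,
				"fromuid" => $mybb->user['uid'],
				"fromemail" => $db->escape_string($mybb->user['email']),
				"touid" => $to_user['uid'],
				"toemail" => $db->escape_string($to_user['email']),
				"tid" => 0,
				"ipaddress" => $db->escape_string($session->ipaddress)
			);
			$db->insert_query("maillogs", $log_entry);
		}

		$plugins->run_hooks("member_do_emailuser_end");

		redirect(get_profile_link($to_user['uid']), $lang->redirect_emailsent);
	}
	else
	{
		// Validation failed: fall through to the form below so the errors are shown.
		$mybb->input['action'] = "emailuser";
	}
}

// Show the "e-mail this user" form (also reached after a failed do_emailuser).
if($mybb->input['action'] == "emailuser")
{
	$plugins->run_hooks("member_emailuser_start");

	// Guests or those without permission can't email other users
	if($mybb->usergroup['cansendemail'] == 0 || !$mybb->user['uid'])
	{
		error_no_permission();
	}

	// Check group limits. The comparison matches the one in do_emailuser (>=), so a member
	// who has used up the daily allowance is told before writing a message, not after.
	if($mybb->usergroup['maxemails'] > 0)
	{
		$query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "fromuid='{$mybb->user['uid']}' AND dateline >= '".(TIME_NOW - (60*60*24))."'");
		$sent_count = $db->fetch_field($query, "sent_count");
		if($sent_count >= $mybb->usergroup['maxemails'])
		{
			$lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
			error($lang->error_max_emails_day);
		}
	}

	$query = $db->simple_select("users", "uid, username, email, hideemail, ignorelist", "uid='".intval($mybb->input['uid'])."'");
	$to_user = $db->fetch_array($query);

	$lang->email_user = $lang->sprintf($lang->email_user, $to_user['username']);

	if(!$to_user['uid'])
	{
		error($lang->error_invaliduser);
	}

	if($to_user['hideemail'] != 0)
	{
		error($lang->error_hideemail);
	}

	// Senders on the recipient's ignore list are refused unless their group may override.
	if($to_user['ignorelist'] && (my_strpos(",".$to_user['ignorelist'].",", ",".$mybb->user['uid'].",") !== false && $mybb->usergroup['cansendemailoverride'] != 1))
	{
		error_no_permission();
	}

	// $errors is only populated when do_emailuser fell through to this action.
	if(!isset($errors))
	{
		$errors = array();
	}

	if(count($errors) > 0)
	{
		// Re-display what the member typed, escaped for the HTML form.
		$errors = inline_error($errors);
		$subject = htmlspecialchars_uni($mybb->input['subject']);
		$message = htmlspecialchars_uni($mybb->input['message']);
	}
	else
	{
		$errors = '';
		$subject = '';
		$message = '';
	}

	$plugins->run_hooks("member_emailuser_end");

	eval("\$emailuser = \"".$templates->get("member_emailuser")."\";");
	output_page($emailuser);
}

// No action requested: send the visitor to the board index.
if(!$mybb->input['action'])
{
	header("Location: index.php");
}
?>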