diff -r de56132c008d -r bdac73ed481e plugins/SpecialUserFuncs.php --- a/plugins/SpecialUserFuncs.php Sun Mar 28 21:49:26 2010 -0400 +++ b/plugins/SpecialUserFuncs.php Sun Mar 28 23:10:46 2010 -0400 @@ -1,12 +1,12 @@ _ @@ -47,405 +47,405 @@ function page_Special_Login() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $login_result; - global $lang, $output; - - // Determine which level we're going up to - $level = ( isset($_GET['level']) && in_array($_GET['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER; - if ( isset($_POST['login']) ) - { - if ( in_array($_POST['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) - { - $level = intval($_POST['level']); - } - } - // Don't allow going from guest straight to elevated - // FIXME do we want to allow this with a CSRF check? - if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in ) - { - $level = USER_LEVEL_MEMBER; - } - - // If we're already at or above this level, redirect to the target page or, if no target - // specified, back to the main page. - if ( $level <= USER_LEVEL_MEMBER && $session->user_logged_in ) - { - if ( $target = $paths->getAllParams() ) - { - redirect(makeUrl($target), '', '', 0); - } - $paths->main_page(); - } - - // Lockout aliasing - $lockout =& $login_result['lockout']; - - $output->header(); - echo '
'; - - if ( $p = $paths->getAllParams() ) - { - echo ''; - } - else if ( isset($_POST['login']) && isset($_POST['return_to']) ) - { - echo ''; - } - - // determine what the "remember me" checkbox should say - $session_time = intval(getConfig('session_remember_time', '30')); - if ( $session_time === 0 ) - { - // sessions are infinite - $text_remember = $lang->get('user_login_check_remember_infinite'); - } - else - { - // is the number of days evenly divisible by 7? if so, use weeks - if ( $session_time % 7 == 0 ) - { - $session_time = $session_time / 7; - $unit = 'week'; - } - else - { - $unit = 'day'; - } - // if it's not equal to 1, pluralize it - if ( $session_time != 1 ) - { - $unit .= $lang->get('meta_plural'); - } - $text_remember = $lang->get('user_login_check_remember', array( - 'session_length' => $session_time, - 'length_units' => $lang->get("etc_unit_$unit") - )); - } - - if ( $error_text = login_get_error($login_result) ) - { - echo '
' . htmlspecialchars($error_text) . '
'; - } - - // - // START FORM - // - ?> -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - setHook('login_form_html'); - foreach ( $code as $cmd ) - { - eval($cmd); - } - - // level-2 only: "Remember me" switch - if ( $level <= USER_LEVEL_MEMBER ) - { - ?> - - - - - - - - - '; - } - // Crypto disable: crypto OFF, normal login - else if ( $level <= USER_LEVEL_MEMBER && $crypto_disable ) - { - echo ' - - '; - } - // Crypto disable: crypto on, ELEV login - else if ( $level > USER_LEVEL_MEMBER && $GLOBALS['dh_supported'] ) - { - echo ''; - echo ''; - echo ''; - } - ?> - - - - - -
- - USER_LEVEL_MEMBER ) ? $lang->get('user_login_message_short_elev') : $lang->get('user_login_message_short'); ?> -
- - ' . $lang->get('user_login_body', array('reg_link' => makeUrlNS('Special', 'Register'))) . '

'; - else - echo '

' . $lang->get('user_login_body_elev') . '

'; - ?> -
- get('user_login_field_username'); ?>: - - - - get('user_login_forgotpass_blurb', array('forgotpass_link' => makeUrlNS('Special', 'PasswordReset'))); ?>
- get('user_login_createaccount_blurb', array('reg_link' => makeUrlNS('Special', 'Register'))); ?>
-
- get('user_login_field_password'); ?>: -
- get('user_login_field_captcha'); ?>: -
-
- - -
- -
- get('user_login_field_remember'); ?> - - -
'; - - $returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : ''; - $nocrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=0", true); - echo '

' . $lang->get('user_login_nocrypt_title') . ' ' . $lang->get('user_login_nocrypt_body', array('nocrypt_link' => $nocrypt_link)) . '

'; - echo '

' . $lang->get('user_login_nocrypt_countrylist') . '

'; - - echo '
'; - - $returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : ''; - $usecrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=1", true); - echo '

' . $lang->get('user_login_usecrypt_title') . ' ' . $lang->get('user_login_usecrypt_body', array('usecrypt_link' => $usecrypt_link)) . '

'; - echo '

' . $lang->get('user_login_usecrypt_countrylist') . '

'; - - echo '
'; - echo '

' . $lang->get('user_login_dh_notice') . '

'; - echo '
- - -
-
- - - - - - - - generate_aes_form(); - - // Any additional parameters that need to be passed back? - if ( $p = $paths->getAllParams() ) - { - // ... only if we have a return_to destination. - $get_fwd = $_GET; - unset($get_fwd['do']); - if ( isset($get_fwd['target_do']) ) - { - $get_fwd['do'] = $get_fwd['target_do']; - unset($get_fwd['target_do']); - } - if ( isset($get_fwd['level']) ) - unset($get_fwd['level']); - if ( isset($get_fwd['title']) ) - unset($get_fwd['title']); - - if ( !empty($get_fwd) ) - { - $get_string = htmlspecialchars(enano_json_encode($get_fwd)); - echo ''; - } - } - else if ( isset($_POST['get_fwd']) ) - { - echo ''; - } - ?> -
- aes_javascript('loginform', 'password'); - ?> - footer(); + global $db, $session, $paths, $template, $plugins; // Common objects + global $login_result; + global $lang, $output; + + // Determine which level we're going up to + $level = ( isset($_GET['level']) && in_array($_GET['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER; + if ( isset($_POST['login']) ) + { + if ( in_array($_POST['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) + { + $level = intval($_POST['level']); + } + } + // Don't allow going from guest straight to elevated + // FIXME do we want to allow this with a CSRF check? + if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in ) + { + $level = USER_LEVEL_MEMBER; + } + + // If we're already at or above this level, redirect to the target page or, if no target + // specified, back to the main page. + if ( $level <= USER_LEVEL_MEMBER && $session->user_logged_in ) + { + if ( $target = $paths->getAllParams() ) + { + redirect(makeUrl($target), '', '', 0); + } + $paths->main_page(); + } + + // Lockout aliasing + $lockout =& $login_result['lockout']; + + $output->header(); + echo '
'; + + if ( $p = $paths->getAllParams() ) + { + echo ''; + } + else if ( isset($_POST['login']) && isset($_POST['return_to']) ) + { + echo ''; + } + + // determine what the "remember me" checkbox should say + $session_time = intval(getConfig('session_remember_time', '30')); + if ( $session_time === 0 ) + { + // sessions are infinite + $text_remember = $lang->get('user_login_check_remember_infinite'); + } + else + { + // is the number of days evenly divisible by 7? if so, use weeks + if ( $session_time % 7 == 0 ) + { + $session_time = $session_time / 7; + $unit = 'week'; + } + else + { + $unit = 'day'; + } + // if it's not equal to 1, pluralize it + if ( $session_time != 1 ) + { + $unit .= $lang->get('meta_plural'); + } + $text_remember = $lang->get('user_login_check_remember', array( + 'session_length' => $session_time, + 'length_units' => $lang->get("etc_unit_$unit") + )); + } + + if ( $error_text = login_get_error($login_result) ) + { + echo '
' . htmlspecialchars($error_text) . '
'; + } + + // + // START FORM + // + ?> +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + setHook('login_form_html'); + foreach ( $code as $cmd ) + { + eval($cmd); + } + + // level-2 only: "Remember me" switch + if ( $level <= USER_LEVEL_MEMBER ) + { + ?> + + + + + + + + + '; + } + // Crypto disable: crypto OFF, normal login + else if ( $level <= USER_LEVEL_MEMBER && $crypto_disable ) + { + echo ' + + '; + } + // Crypto disable: crypto on, ELEV login + else if ( $level > USER_LEVEL_MEMBER && $GLOBALS['dh_supported'] ) + { + echo ''; + echo ''; + echo ''; + } + ?> + + + + + +
+ + USER_LEVEL_MEMBER ) ? $lang->get('user_login_message_short_elev') : $lang->get('user_login_message_short'); ?> +
+ + ' . $lang->get('user_login_body', array('reg_link' => makeUrlNS('Special', 'Register'))) . '

'; + else + echo '

' . $lang->get('user_login_body_elev') . '

'; + ?> +
+ get('user_login_field_username'); ?>: + + + + get('user_login_forgotpass_blurb', array('forgotpass_link' => makeUrlNS('Special', 'PasswordReset'))); ?>
+ get('user_login_createaccount_blurb', array('reg_link' => makeUrlNS('Special', 'Register'))); ?>
+
+ get('user_login_field_password'); ?>: +
+ get('user_login_field_captcha'); ?>: +
+
+ + +
+ +
+ get('user_login_field_remember'); ?> + + +
'; + + $returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : ''; + $nocrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=0", true); + echo '

' . $lang->get('user_login_nocrypt_title') . ' ' . $lang->get('user_login_nocrypt_body', array('nocrypt_link' => $nocrypt_link)) . '

'; + echo '

' . $lang->get('user_login_nocrypt_countrylist') . '

'; + + echo '
'; + + $returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : ''; + $usecrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=1", true); + echo '

' . $lang->get('user_login_usecrypt_title') . ' ' . $lang->get('user_login_usecrypt_body', array('usecrypt_link' => $usecrypt_link)) . '

'; + echo '

' . $lang->get('user_login_usecrypt_countrylist') . '

'; + + echo '
'; + echo '

' . $lang->get('user_login_dh_notice') . '

'; + echo '
+ + +
+
+ + + + + + + + generate_aes_form(); + + // Any additional parameters that need to be passed back? + if ( $p = $paths->getAllParams() ) + { + // ... only if we have a return_to destination. + $get_fwd = $_GET; + unset($get_fwd['do']); + if ( isset($get_fwd['target_do']) ) + { + $get_fwd['do'] = $get_fwd['target_do']; + unset($get_fwd['target_do']); + } + if ( isset($get_fwd['level']) ) + unset($get_fwd['level']); + if ( isset($get_fwd['title']) ) + unset($get_fwd['title']); + + if ( !empty($get_fwd) ) + { + $get_string = htmlspecialchars(enano_json_encode($get_fwd)); + echo ''; + } + } + else if ( isset($_POST['get_fwd']) ) + { + echo ''; + } + ?> +
+ aes_javascript('loginform', 'password'); + ?> + footer(); } function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called { - global $db, $session, $paths, $template, $plugins; // Common objects - global $login_result; - global $lang; - - // Are we calling the JSON interface? - $paths->fullpage = $GLOBALS['urlname']; - if ( $paths->getParam(0) === 'action.json' ) - { - if ( !isset($_POST['r']) ) - die('No request.'); - - $request = $_POST['r']; - try - { - $request = enano_json_decode($request); - } - catch ( Exception $e ) - { - die(enano_json_encode(array( - 'mode' => 'error', - 'error' => 'ERR_JSON_PARSE_FAILED' - ))); - } - - echo enano_json_encode($session->process_login_request($request)); - - $db->close(); - exit; - } - - // No. Process incoming results from the HTML version. - if ( isset($_POST['login']) ) - { - $_POST['password'] = $session->get_aes_post(); - - $result = $session->process_login_request(array( - 'mode' => 'login_pt', - 'userinfo' => $_POST, - 'level' => $_POST['level'], - 'captcha_hash' => isset($_POST['captcha_hash']) ? $_POST['captcha_hash'] : false, - 'captcha_code' => isset($_POST['captcha_code']) ? $_POST['captcha_code'] : false - )); - - if ( $result['mode'] === 'login_success' ) - { - // - // LOGIN SUCCESS. - // Redirect as necessary. - // - - // Load our preferences - $session->start(); - - // Decode get_add - $get_add = false; - if ( isset($_POST['get_fwd']) ) - { - try - { - $get_fwd = enano_json_decode($_POST['get_fwd']); - $get_add = ''; - foreach ( $get_fwd as $key => $value ) - { - $get_add .= "&{$key}=" . urlencode($value); - } - $get_add = ltrim($get_add, '&'); - } - catch ( Exception $e ) - { - } - } - - // Going to a user-specified page? 
- if ( isset($_POST['return_to']) )
- {
- // yea
- $name = get_page_title($_POST['return_to']);
- $subst = array(
- 'username' => $session->username,
- 'redir_target' => $name
- );
- redirect( makeUrl($_POST['return_to'], $get_add), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
- }
- else
- {
- // No, redirect them to the main page
- $subst = array(
- 'username' => $session->username,
- 'redir_target' => $lang->get('user_login_success_body_mainpage')
- );
- redirect( makeUrl(get_main_page(), $get_add), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
- }
- }
- else if ( $result['mode'] === 'login_success_reset' )
- {
- // They logged in with a temporary password; send them to the reset form
- redirect($result['redirect_url'], '', '', 0);
- }
- // Otherwise, the result is likely an error.
- $login_result = $result;
- }
- else
- {
- $login_result = $session->process_login_request(array(
- 'mode' => 'getkey'
- ));
- }
-
- // This is a bit of a hack. The login form generates AES and DiffieHellman keys on its
- // own, so we need to clean up the ones from the login request API.
- if ( !empty($login_result['crypto']) )
- {
- $session->process_login_request(array(
- 'mode' => 'clean_key',
- 'key_aes' => $login_result['crypto']['aes_key'],
- 'key_dh' => $login_result['crypto']['dh_public_key'],
- ));
- }
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ global $login_result;
+ global $lang;
+
+ // Are we calling the JSON interface?
+ $paths->fullpage = $GLOBALS['urlname'];
+ if ( $paths->getParam(0) === 'action.json' )
+ {
+ if ( !isset($_POST['r']) )
+ die('No request.');
+
+ $request = $_POST['r'];
+ try
+ {
+ $request = enano_json_decode($request);
+ }
+ catch ( Exception $e )
+ {
+ die(enano_json_encode(array(
+ 'mode' => 'error',
+ 'error' => 'ERR_JSON_PARSE_FAILED'
+ )));
+ }
+
+ echo enano_json_encode($session->process_login_request($request));
+
+ $db->close();
+ exit;
+ }
+
+ // No. Process incoming results from the HTML version.
+ if ( isset($_POST['login']) )
+ {
+ $_POST['password'] = $session->get_aes_post();
+
+ $result = $session->process_login_request(array(
+ 'mode' => 'login_pt',
+ 'userinfo' => $_POST,
+ 'level' => $_POST['level'],
+ 'captcha_hash' => isset($_POST['captcha_hash']) ? $_POST['captcha_hash'] : false,
+ 'captcha_code' => isset($_POST['captcha_code']) ? $_POST['captcha_code'] : false
+ ));
+
+ if ( $result['mode'] === 'login_success' )
+ {
+ //
+ // LOGIN SUCCESS.
+ // Redirect as necessary.
+ //
+
+ // Load our preferences
+ $session->start();
+
+ // Decode get_add
+ $get_add = false;
+ if ( isset($_POST['get_fwd']) )
+ {
+ try
+ {
+ $get_fwd = enano_json_decode($_POST['get_fwd']);
+ $get_add = '';
+ foreach ( $get_fwd as $key => $value )
+ {
+ $get_add .= "&{$key}=" . urlencode($value);
+ }
+ $get_add = ltrim($get_add, '&');
+ }
+ catch ( Exception $e )
+ {
+ }
+ }
+
+ // Going to a user-specified page?
+ if ( isset($_POST['return_to']) )
+ {
+ // yea
+ $name = get_page_title($_POST['return_to']);
+ $subst = array(
+ 'username' => $session->username,
+ 'redir_target' => $name
+ );
+ redirect( makeUrl($_POST['return_to'], $get_add), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
+ }
+ else
+ {
+ // No, redirect them to the main page
+ $subst = array(
+ 'username' => $session->username,
+ 'redir_target' => $lang->get('user_login_success_body_mainpage')
+ );
+ redirect( makeUrl(get_main_page(), $get_add), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
+ }
+ }
+ else if ( $result['mode'] === 'login_success_reset' )
+ {
+ // They logged in with a temporary password; send them to the reset form
+ redirect($result['redirect_url'], '', '', 0);
+ }
+ // Otherwise, the result is likely an error.
+ $login_result = $result;
+ }
+ else
+ {
+ $login_result = $session->process_login_request(array(
+ 'mode' => 'getkey'
+ ));
+ }
+
+ // This is a bit of a hack. The login form generates AES and DiffieHellman keys on its
+ // own, so we need to clean up the ones from the login request API.
+ if ( !empty($login_result['crypto']) )
+ {
+ $session->process_login_request(array(
+ 'mode' => 'clean_key',
+ 'key_aes' => $login_result['crypto']['aes_key'],
+ 'key_dh' => $login_result['crypto']['dh_public_key'],
+ ));
+ }
 }
 /**
@@ -456,1296 +456,1296 @@ function login_get_error($response) { - global $lang; - - if ( !empty($response['lockout']) ) - { - // set this pluralality thing - $response['lockout']['plural'] = $response['lockout']['time_rem'] == 1 ? '' : $lang->get('meta_plural'); - } - - if ( $response['mode'] == 'initial' ) - { - // Just showing the box for the first time. If there's an error now, it's based on a preexisting lockout. - if ( $response['lockout']['active'] ) - { - return $lang->get('user_err_locked_out_initial_' . $response['lockout']['policy'], $response['lockout']); - } - return false; - } - else - { - // An attempt was made. - switch($response['mode']) - { - case 'login_failure': - // Generic login user error. - $error = ''; - if ( ($x = $lang->get($response['error'])) != $response['error'] ) - $error = $x; - else - $error = $lang->get('user_err_' . $response['error']); - if ( $response['lockout']['active'] && $response['lockout']['policy'] == 'lockout' ) - { - // Lockout enforcement was just activated. - return $lang->get('user_err_locked_out_initial_' . $response['lockout']['policy'], $response['lockout']); - } - else if ( $response['lockout']['policy'] != 'disable' && !$response['lockout']['active'] && $response['lockout']['fails'] > 0 ) - { - // Lockout is in a warning state. - $error .= ' ' . $lang->get('user_err_invalid_credentials_' . $response['lockout']['policy'], $response['lockout']); - } - return $error; - break; - case 'api_error': - // Error in the API. - return $lang->get('user_err_login_generic_title') + ': ' + $lang->get('user_' . strtolower($response['error'])); - break; - } - } - - return is_string($response['error']) ? $response['error'] : false; + global $lang; + + if ( !empty($response['lockout']) ) + { + // set this pluralality thing + $response['lockout']['plural'] = $response['lockout']['time_rem'] == 1 ? '' : $lang->get('meta_plural'); + } + + if ( $response['mode'] == 'initial' ) + { + // Just showing the box for the first time. 
If there's an error now, it's based on a preexisting lockout. + if ( $response['lockout']['active'] ) + { + return $lang->get('user_err_locked_out_initial_' . $response['lockout']['policy'], $response['lockout']); + } + return false; + } + else + { + // An attempt was made. + switch($response['mode']) + { + case 'login_failure': + // Generic login user error. + $error = ''; + if ( ($x = $lang->get($response['error'])) != $response['error'] ) + $error = $x; + else + $error = $lang->get('user_err_' . $response['error']); + if ( $response['lockout']['active'] && $response['lockout']['policy'] == 'lockout' ) + { + // Lockout enforcement was just activated. + return $lang->get('user_err_locked_out_initial_' . $response['lockout']['policy'], $response['lockout']); + } + else if ( $response['lockout']['policy'] != 'disable' && !$response['lockout']['active'] && $response['lockout']['fails'] > 0 ) + { + // Lockout is in a warning state. + $error .= ' ' . $lang->get('user_err_invalid_credentials_' . $response['lockout']['policy'], $response['lockout']); + } + return $error; + break; + case 'api_error': + // Error in the API. + return $lang->get('user_err_login_generic_title') + ': ' + $lang->get('user_' . strtolower($response['error'])); + break; + } + } + + return is_string($response['error']) ? 
$response['error'] : false; } function page_Special_Logout() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - - if ( !$session->user_logged_in ) - $paths->main_page(); - - $token = $paths->getParam(0); - if ( $token !== $session->csrf_token ) - { - csrf_request_confirm(); - } - - $l = $session->logout(); - if ( $l == 'success' ) - { - $url = makeUrl(get_main_page(), false, true); - if ( $paths->getParam(1) ) - { - $pi = explode('/', $paths->getAllParams()); - $pi = implode('/', array_values(array_slice($pi, 1))); - list($pid, $ns) = RenderMan::strToPageID($pi); - $perms = $session->fetch_page_acl($pid, $ns); - if ( $perms->get_permissions('read') ) - { - $url = makeUrl($pi, false, true); - } - } - redirect($url, $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 3); - } - $template->header(); - echo '

' . $lang->get('user_logout_err_title') . '

'; - echo '

' . $l . '

'; - $template->footer(); + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + + if ( !$session->user_logged_in ) + $paths->main_page(); + + $token = $paths->getParam(0); + if ( $token !== $session->csrf_token ) + { + csrf_request_confirm(); + } + + $l = $session->logout(); + if ( $l == 'success' ) + { + $url = makeUrl(get_main_page(), false, true); + if ( $paths->getParam(1) ) + { + $pi = explode('/', $paths->getAllParams()); + $pi = implode('/', array_values(array_slice($pi, 1))); + list($pid, $ns) = RenderMan::strToPageID($pi); + $perms = $session->fetch_page_acl($pid, $ns); + if ( $perms->get_permissions('read') ) + { + $url = makeUrl($pi, false, true); + } + } + redirect($url, $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 3); + } + $template->header(); + echo '

' . $lang->get('user_logout_err_title') . '

'; + echo '

' . $l . '

'; + $template->footer(); } function page_Special_Register() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - - if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in ) - { - $paths->main_page(); - } - - // form field trackers - $username = ''; - $email = ''; - $realname = ''; - - $terms = getConfig('register_tou'); - - if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in )) - { - $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '

' . $lang->get('user_reg_err_disabled_body_adminblurb', array( 'reg_link' => makeUrl($paths->page, 'IWannaPlayToo&coppa=no', true) )) . '

' : ''; - die_friendly($lang->get('user_reg_err_disabled_title'), '

' . $lang->get('user_reg_err_disabled_body') . '

' . $s); - } - // are we locked out from logging in? if so, also lock out registration - if ( getConfig('lockout_policy') === 'lockout' ) - { - $ip = $db->escape($_SERVER['REMOTE_ADDR']); - $threshold = time() - ( 60 * intval(getConfig('lockout_duration')) ); - $limit = intval(getConfig('lockout_threshold')); - $q = $db->sql_query('SELECT * FROM ' . table_prefix . "lockout WHERE timestamp >= $threshold ORDER BY timestamp DESC;"); - if ( !$q ) - $db->_die(); - if ( $db->numrows() >= $limit ) - { - $row = $db->fetchrow(); - $db->free_result(); - $time_rem = intval(getConfig('lockout_duration')) - round((time() - $row['timestamp']) / 60); - die_friendly($lang->get('user_reg_err_disabled_title'), '

' . $lang->get('user_reg_err_locked_out', array('time' => $time_rem)) . '

'); - } - $db->free_result(); - } - if(isset($_POST['submit'])) - { - $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x'; - - $captcharesult = $session->get_captcha($_POST['captchahash']); - $session->kill_captcha(); - // bypass captcha if logged in (at this point, if logged in, we're admin) - if ( !$session->user_logged_in && strtolower($captcharesult) != strtolower($_POST['captchacode']) ) - { - $s = $lang->get('user_reg_err_captcha'); - } - else - { - if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || ( isset($_POST['coppa']) && !in_array($_POST['coppa'], array('yes', 'no')) ) ) ) - { - $s = 'Invalid COPPA input'; - } - else if ( !$session->user_logged_in && !empty($terms) && !isset($_POST['tou_agreed']) ) - { - $s = $lang->get('user_reg_err_accept_tou'); - } - else - { - $coppa = ( isset($_POST['coppa']) && $_POST['coppa'] == 'yes' ); - $s = false; - - // decrypt password - // as with the change pass form, we aren't going to bother checking the confirmation code because if the passwords didn't match - // and yet the password got encrypted, that means the user screwed with the code, and if the user screwed with the code and thus - // forgot his password, that's his problem. - - if ( $_POST['use_crypt'] == 'yes' ) - { - $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); - $crypt_key = $session->fetch_public_key($_POST['crypt_key']); - if ( !$crypt_key ) - { - $s = $lang->get('user_reg_err_missing_key'); - } - else - { - $data = $_POST['crypt_data']; - $bin_key = hexdecode($crypt_key); - //die("Decrypting with params: key $crypt_key, data $data"); - $password = $aes->decrypt($data, $bin_key, ENC_HEX); - } - } - else - { - $password = $_POST['password']; - } - - $error =& $s; - - /** - * Validation of POST data coming from registration. Put an error message in the variable $error to stop registration. 
- * @hook ucp_register_validate - */ - - $code = $plugins->setHook('ucp_register_validate'); - foreach ( $code as $cmd ) - { - eval($cmd); - } - - // All things verified, create account - if ( !$s ) - $s = $session->create_user($_POST['username'], $password, $_POST['email'], $_POST['real_name'], $coppa); - } - } - if($s == 'success' && !$coppa) - { - switch(getConfig('account_activation')) - { - case "none": - default: - $str = $lang->get('user_reg_msg_success_activ_none', array('login_link' => makeUrlNS('Special', 'Login', false, true))); - break; - case "user": - $str = $lang->get('user_reg_msg_success_activ_user'); - break; - case "admin": - $str = $lang->get('user_reg_msg_success_activ_admin'); - break; - } - die_friendly($lang->get('user_reg_msg_success_title'), '

' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '

'); - } - else if ( $s == 'success' && $coppa ) - { - $str = $lang->get('user_reg_msg_success_activ_coppa'); - die_friendly($lang->get('user_reg_msg_success_title'), '

' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '

'); - } - $username = htmlspecialchars($_POST['username']); - $email = htmlspecialchars($_POST['email']); - $realname = htmlspecialchars($_POST['real_name']); - } - $template->header(); - echo $lang->get('user_reg_msg_greatercontrol'); - - if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) ) - { - $coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' ); - $session->kill_captcha(); - $captchacode = $session->make_captcha(); - - $pubkey = $session->rijndael_genkey(); - $challenge = $session->dss_rand(); - - ?> -

get('user_reg_msg_table_title'); ?>

-
-
- - - - '; ?> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - setHook('ucp_register_form'); - foreach ( $code as $cmd ) - { - eval($cmd); - } - ?> - - - user_logged_in ): - ?> - - - - - - - - - - - - - - - - - - - - - - - - user_logged_in - ?> - - - - - -
get('user_reg_msg_table_subtitle'); ?>
'.$s.'
- get('user_reg_lbl_field_username'); ?> - - - - - Good/bad icon -
- get('user_reg_lbl_field_password'); ?> - - -10 ): ?> - get('user_reg_msg_password_score'); ?> - - - Loading... - - Good/bad icon -
- get('user_reg_lbl_field_password_confirm'); ?> -
-
-
- get('user_reg_lbl_field_email_coppa'); - } - else - { - echo $lang->get('user_reg_lbl_field_email'); - } - ?> - ' . $lang->get('user_reg_msg_email_activuser') . ''; - } - ?> - - - - Good/bad icon -
- get('user_reg_lbl_field_realname'); ?>
- get('user_reg_msg_realname_optional'); ?> -
- - -
- get('user_reg_lbl_field_captcha'); ?>
- - get('user_reg_msg_captcha_pleaseenter', array('regen_flags' => 'href="#" onclick="regenCaptcha(); return false;"')); ?>
-
- get('user_reg_msg_captcha_blind'); ?> -
-
- CAPTCHA image - - Good/bad icon -
- get('user_reg_lbl_field_captcha_code'); ?> - - - -
- get('user_reg_msg_please_read_tou'); - ?> -
-
- -
-

- -

-
- - -
-
- '; - ?> - - - - - -
- - - - - '; - echo ''; - echo ' - - - - - '; - echo '
- ' . $lang->get('user_reg_coppa_title') . ' -
- ' . $lang->get('user_reg_coppa_link_atleast13', array( 'yo13_date' => $yo13_date )) . '
- ' . $lang->get('user_reg_coppa_link_not13', array( 'yo13_date' => $yo13_date )) . ' -
'; - echo ''; - } - $template->footer(); + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + + if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in ) + { + $paths->main_page(); + } + + // form field trackers + $username = ''; + $email = ''; + $realname = ''; + + $terms = getConfig('register_tou'); + + if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in )) + { + $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '

' . $lang->get('user_reg_err_disabled_body_adminblurb', array( 'reg_link' => makeUrl($paths->page, 'IWannaPlayToo&coppa=no', true) )) . '

' : ''; + die_friendly($lang->get('user_reg_err_disabled_title'), '

' . $lang->get('user_reg_err_disabled_body') . '

' . $s); + } + // are we locked out from logging in? if so, also lock out registration + if ( getConfig('lockout_policy') === 'lockout' ) + { + $ip = $db->escape($_SERVER['REMOTE_ADDR']); + $threshold = time() - ( 60 * intval(getConfig('lockout_duration')) ); + $limit = intval(getConfig('lockout_threshold')); + $q = $db->sql_query('SELECT * FROM ' . table_prefix . "lockout WHERE timestamp >= $threshold ORDER BY timestamp DESC;"); + if ( !$q ) + $db->_die(); + if ( $db->numrows() >= $limit ) + { + $row = $db->fetchrow(); + $db->free_result(); + $time_rem = intval(getConfig('lockout_duration')) - round((time() - $row['timestamp']) / 60); + die_friendly($lang->get('user_reg_err_disabled_title'), '

' . $lang->get('user_reg_err_locked_out', array('time' => $time_rem)) . '

'); + } + $db->free_result(); + } + if(isset($_POST['submit'])) + { + $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x'; + + $captcharesult = $session->get_captcha($_POST['captchahash']); + $session->kill_captcha(); + // bypass captcha if logged in (at this point, if logged in, we're admin) + if ( !$session->user_logged_in && strtolower($captcharesult) != strtolower($_POST['captchacode']) ) + { + $s = $lang->get('user_reg_err_captcha'); + } + else + { + if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || ( isset($_POST['coppa']) && !in_array($_POST['coppa'], array('yes', 'no')) ) ) ) + { + $s = 'Invalid COPPA input'; + } + else if ( !$session->user_logged_in && !empty($terms) && !isset($_POST['tou_agreed']) ) + { + $s = $lang->get('user_reg_err_accept_tou'); + } + else + { + $coppa = ( isset($_POST['coppa']) && $_POST['coppa'] == 'yes' ); + $s = false; + + // decrypt password + // as with the change pass form, we aren't going to bother checking the confirmation code because if the passwords didn't match + // and yet the password got encrypted, that means the user screwed with the code, and if the user screwed with the code and thus + // forgot his password, that's his problem. + + if ( $_POST['use_crypt'] == 'yes' ) + { + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); + $crypt_key = $session->fetch_public_key($_POST['crypt_key']); + if ( !$crypt_key ) + { + $s = $lang->get('user_reg_err_missing_key'); + } + else + { + $data = $_POST['crypt_data']; + $bin_key = hexdecode($crypt_key); + //die("Decrypting with params: key $crypt_key, data $data"); + $password = $aes->decrypt($data, $bin_key, ENC_HEX); + } + } + else + { + $password = $_POST['password']; + } + + $error =& $s; + + /** + * Validation of POST data coming from registration. Put an error message in the variable $error to stop registration. 
+ * @hook ucp_register_validate + */ + + $code = $plugins->setHook('ucp_register_validate'); + foreach ( $code as $cmd ) + { + eval($cmd); + } + + // All things verified, create account + if ( !$s ) + $s = $session->create_user($_POST['username'], $password, $_POST['email'], $_POST['real_name'], $coppa); + } + } + if($s == 'success' && !$coppa) + { + switch(getConfig('account_activation')) + { + case "none": + default: + $str = $lang->get('user_reg_msg_success_activ_none', array('login_link' => makeUrlNS('Special', 'Login', false, true))); + break; + case "user": + $str = $lang->get('user_reg_msg_success_activ_user'); + break; + case "admin": + $str = $lang->get('user_reg_msg_success_activ_admin'); + break; + } + die_friendly($lang->get('user_reg_msg_success_title'), '

' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '

'); + } + else if ( $s == 'success' && $coppa ) + { + $str = $lang->get('user_reg_msg_success_activ_coppa'); + die_friendly($lang->get('user_reg_msg_success_title'), '

' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '

'); + } + $username = htmlspecialchars($_POST['username']); + $email = htmlspecialchars($_POST['email']); + $realname = htmlspecialchars($_POST['real_name']); + } + $template->header(); + echo $lang->get('user_reg_msg_greatercontrol'); + + if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) ) + { + $coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' ); + $session->kill_captcha(); + $captchacode = $session->make_captcha(); + + $pubkey = $session->rijndael_genkey(); + $challenge = $session->dss_rand(); + + ?> +

get('user_reg_msg_table_title'); ?>

+
+
+ + + + '; ?> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + setHook('ucp_register_form'); + foreach ( $code as $cmd ) + { + eval($cmd); + } + ?> + + + user_logged_in ): + ?> + + + + + + + + + + + + + + + + + + + + + + + + user_logged_in + ?> + + + + + +
get('user_reg_msg_table_subtitle'); ?>
'.$s.'
+ get('user_reg_lbl_field_username'); ?> + + + + + Good/bad icon +
+ get('user_reg_lbl_field_password'); ?> + + -10 ): ?> + get('user_reg_msg_password_score'); ?> + + + Loading... + + Good/bad icon +
+ get('user_reg_lbl_field_password_confirm'); ?> +
+
+
+ get('user_reg_lbl_field_email_coppa'); + } + else + { + echo $lang->get('user_reg_lbl_field_email'); + } + ?> + ' . $lang->get('user_reg_msg_email_activuser') . ''; + } + ?> + + + + Good/bad icon +
+ get('user_reg_lbl_field_realname'); ?>
+ get('user_reg_msg_realname_optional'); ?> +
+ + +
+ get('user_reg_lbl_field_captcha'); ?>
+ + get('user_reg_msg_captcha_pleaseenter', array('regen_flags' => 'href="#" onclick="regenCaptcha(); return false;"')); ?>
+
+ get('user_reg_msg_captcha_blind'); ?> +
+
+ CAPTCHA image + + Good/bad icon +
+ get('user_reg_lbl_field_captcha_code'); ?> + + + +
+ get('user_reg_msg_please_read_tou'); + ?> +
+
+ +
+

+ +

+
+ + +
+
+ '; + ?> + + + + + +
+ + + + + '; + echo ''; + echo ' + + + + + '; + echo '
+ ' . $lang->get('user_reg_coppa_title') . ' +
+ ' . $lang->get('user_reg_coppa_link_atleast13', array( 'yo13_date' => $yo13_date )) . '
+ ' . $lang->get('user_reg_coppa_link_not13', array( 'yo13_date' => $yo13_date )) . ' +
'; + echo ''; + } + $template->footer(); } function page_Special_Contributions() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - - // This is a vast improvement over the old Special:Contributions in 1.0.x. - - $template->header(); - $user = $paths->getParam(); - if ( !$user && isset($_GET['user']) ) - { - $user = $_GET['user']; - } - else if ( !$user && !isset($_GET['user']) ) - { - echo '

' . $lang->get('userfuncs_contribs_err_no_user') . '

'; - $template->footer(); - return; - } - - $url = makeUrlNS("Special", "Log/user={$user}"); - redirect($url, '', '', 0); + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + + // This is a vast improvement over the old Special:Contributions in 1.0.x. + + $template->header(); + $user = $paths->getParam(); + if ( !$user && isset($_GET['user']) ) + { + $user = $_GET['user']; + } + else if ( !$user && !isset($_GET['user']) ) + { + echo '

' . $lang->get('userfuncs_contribs_err_no_user') . '

'; + $template->footer(); + return; + } + + $url = makeUrlNS("Special", "Log/user={$user}"); + redirect($url, '', '', 0); } function page_Special_ChangeStyle() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - - if ( !$session->user_logged_in ) - { - die_friendly('Access denied', '

You must be logged in to change your style. Spoofer.

'); - } - if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to'])) - { - if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme']) ) - die('Hacking attempt'); - if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style']) ) - die('Hacking attempt'); - $d = ENANO_ROOT . '/themes/' . $_POST['theme']; - $f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css'; - if ( !file_exists($d) || !is_dir($d) ) - { - die('The directory "'.$d.'" does not exist.'); - } - if ( !file_exists($f) ) - { - die('The file "'.$f.'" does not exist.'); - } - $d = $db->escape($_POST['theme']); - $f = $db->escape($_POST['style']); - $q = 'UPDATE '.table_prefix.'users SET theme=\''.$d.'\',style=\''.$f.'\' WHERE username=\''.$session->username.'\''; - if ( !$db->sql_query($q) ) - { - $db->_die('Your theme/style preferences were not updated.'); - } - else - { - redirect(makeUrl($_POST['return_to']), $lang->get('userfuncs_changetheme_success_title'), $lang->get('userfuncs_changetheme_success_body'), 3); - } - } - else - { - $template->header(); - $ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0); - if ( !$ret ) - { - $ret = get_main_page(); - } - ?> -
- -

get('userfuncs_changetheme_heading_theme'); ?>

-

- -

-

-

- -

get('userfuncs_changetheme_heading_style'); ?>

-

- -

-

- -

- -
- footer(); - } + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + + if ( !$session->user_logged_in ) + { + die_friendly('Access denied', '

You must be logged in to change your style. Spoofer.

'); + } + if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to'])) + { + if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme']) ) + die('Hacking attempt'); + if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style']) ) + die('Hacking attempt'); + $d = ENANO_ROOT . '/themes/' . $_POST['theme']; + $f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css'; + if ( !file_exists($d) || !is_dir($d) ) + { + die('The directory "'.$d.'" does not exist.'); + } + if ( !file_exists($f) ) + { + die('The file "'.$f.'" does not exist.'); + } + $d = $db->escape($_POST['theme']); + $f = $db->escape($_POST['style']); + $q = 'UPDATE '.table_prefix.'users SET theme=\''.$d.'\',style=\''.$f.'\' WHERE username=\''.$session->username.'\''; + if ( !$db->sql_query($q) ) + { + $db->_die('Your theme/style preferences were not updated.'); + } + else + { + redirect(makeUrl($_POST['return_to']), $lang->get('userfuncs_changetheme_success_title'), $lang->get('userfuncs_changetheme_success_body'), 3); + } + } + else + { + $template->header(); + $ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0); + if ( !$ret ) + { + $ret = get_main_page(); + } + ?> +
+ +

get('userfuncs_changetheme_heading_theme'); ?>

+

+ +

+

+

+ +

get('userfuncs_changetheme_heading_style'); ?>

+

+ +

+

+ +

+ +
+ footer(); + } } function page_Special_ActivateAccount() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - - $user = $paths->getParam(0); - if ( !$user ) - { - die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '

' . $lang->get('userfuncs_activate_err_badlink_body') . '

'); - } - $user = str_replace('_', ' ', dirtify_page_id($user)); - $key = $paths->getParam(1); - if ( !$key ) - { - die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '

' . $lang->get('userfuncs_activate_err_badlink_body') . '

'); - } - $s = $session->activate_account(str_replace('_', ' ', $user), $key); - if ( $s ) - { - die_friendly($lang->get('userfuncs_activate_success_title'), '

' . $lang->get('userfuncs_activate_success_body') . '

'); - } - else - { - die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '

' . $lang->get('userfuncs_activate_err_bad_key') . '

'); - } + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + + $user = $paths->getParam(0); + if ( !$user ) + { + die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '

' . $lang->get('userfuncs_activate_err_badlink_body') . '

'); + } + $user = str_replace('_', ' ', dirtify_page_id($user)); + $key = $paths->getParam(1); + if ( !$key ) + { + die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '

' . $lang->get('userfuncs_activate_err_badlink_body') . '

'); + } + $s = $session->activate_account(str_replace('_', ' ', $user), $key); + if ( $s ) + { + die_friendly($lang->get('userfuncs_activate_success_title'), '

' . $lang->get('userfuncs_activate_success_body') . '

'); + } + else + { + die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '

' . $lang->get('userfuncs_activate_err_bad_key') . '

'); + } } function page_Special_Captcha() { - global $db, $session, $paths, $template, $plugins; // Common objects - if ( $paths->getParam(0) == 'make' ) - { - $session->kill_captcha(); - echo $session->make_captcha(); - return; - } - - $hash = $paths->getParam(0); - if ( !$hash || !preg_match('#^([0-9a-f]*){32,40}$#i', $hash) ) - { - $paths->main_page(); - } - - if ( $validate_code = $paths->getParam(1) ) - { - if ( preg_match('/^validate=(.+)$/', $validate_code, $match) ) - { - header('Content-type: text/javascript'); - $code = $session->get_captcha($hash, true); - $valid = strtolower($code) === strtolower($match[1]); - if ( !$valid ) - { - $session->make_captcha(7, $hash); - } - echo enano_json_encode(array( - 'valid' => $valid - )); - exit; - } - } + global $db, $session, $paths, $template, $plugins; // Common objects + if ( $paths->getParam(0) == 'make' ) + { + $session->kill_captcha(); + echo $session->make_captcha(); + return; + } + + $hash = $paths->getParam(0); + if ( !$hash || !preg_match('#^([0-9a-f]*){32,40}$#i', $hash) ) + { + $paths->main_page(); + } + + if ( $validate_code = $paths->getParam(1) ) + { + if ( preg_match('/^validate=(.+)$/', $validate_code, $match) ) + { + header('Content-type: text/javascript'); + $code = $session->get_captcha($hash, true); + $valid = strtolower($code) === strtolower($match[1]); + if ( !$valid ) + { + $session->make_captcha(7, $hash); + } + echo enano_json_encode(array( + 'valid' => $valid + )); + exit; + } + } - $session->make_captcha(7, $hash); - $code = $session->generate_captcha_code(); - // Avoid letting our captchas end up on failblog.org - // BTW, the last one was a real-life encounter: http://files.ha.xx0r.info/murder.png - foreach ( array('shit', 'cock', 'fuck', 'nazi', 'cunt', 'clit', 'pussy', 'penis', 'piss', 'tits', 'murder') as $word ) - { - if ( stristr($code, $word) ) - { - // but don't put too much effort into this (will only correct this once) - // I mean, face it. 
If it generates one of those words twice in a row, either the local root has had - // way too much fun with his /dev/random, or this server is just plain gutter-minded. - $code = $session->generate_captcha_code(); - break; - } - } - $q = $db->sql_query('UPDATE ' . table_prefix . "captcha SET code = '$code' WHERE session_id = '$hash';"); - if ( !$q ) - $db->_die(); - - require ( ENANO_ROOT.'/includes/captcha.php' ); - $captcha = captcha_object($hash, 'freecap'); - // $captcha->debug = true; - $captcha->make_image(); - - exit; + $session->make_captcha(7, $hash); + $code = $session->generate_captcha_code(); + // Avoid letting our captchas end up on failblog.org + // BTW, the last one was a real-life encounter: http://files.ha.xx0r.info/murder.png + foreach ( array('shit', 'cock', 'fuck', 'nazi', 'cunt', 'clit', 'pussy', 'penis', 'piss', 'tits', 'murder') as $word ) + { + if ( stristr($code, $word) ) + { + // but don't put too much effort into this (will only correct this once) + // I mean, face it. If it generates one of those words twice in a row, either the local root has had + // way too much fun with his /dev/random, or this server is just plain gutter-minded. + $code = $session->generate_captcha_code(); + break; + } + } + $q = $db->sql_query('UPDATE ' . table_prefix . "captcha SET code = '$code' WHERE session_id = '$hash';"); + if ( !$q ) + $db->_die(); + + require ( ENANO_ROOT.'/includes/captcha.php' ); + $captcha = captcha_object($hash, 'freecap'); + // $captcha->debug = true; + $captcha->make_image(); + + exit; } function page_Special_PasswordReset() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - - $template->header(); - if($paths->getParam(0) == 'stage2') - { - require_once(ENANO_ROOT . '/includes/math.php'); - require_once(ENANO_ROOT . '/includes/diffiehellman.php'); - - $user_id = intval($paths->getParam(1)); - $encpass = $paths->getParam(2); - if ( $user_id < 2 ) - { - echo '

Hacking attempt

'; - $template->footer(); - return false; - } - if(!preg_match('#^([a-f0-9]+)$#i', $encpass)) - { - echo '

Hacking attempt

'; - $template->footer(); - return false; - } - - $q = $db->sql_query('SELECT username,temp_password_time,temp_password,password_salt FROM '.table_prefix.'users WHERE user_id='.$user_id.';'); - if($db->numrows() < 1) - { - echo '

Invalid credentials

'; - $template->footer(); - return false; - } - $row = $db->fetchrow(); - $db->free_result(); - - $temp_pass = $session->pk_decrypt($encpass); - $temp_hmac = hmac_sha1($temp_pass, $row['password_salt']); - - if ( $temp_hmac !== $row['temp_password'] ) - { - echo '

Invalid credentials

'; - $template->footer(); - return false; - } - - if ( ( intval($row['temp_password_time']) + ( 3600 * 24 ) ) < time() ) - { - echo '

' . $lang->get('userfuncs_passreset_err_pass_expired', array('reset_url' => makeUrlNS('Special', 'PasswordReset'))) . '

'; - $template->footer(); - return false; - } - - if ( isset($_POST['do_stage2']) ) - { - $data = $session->get_aes_post('pass'); - - if(empty($data)) - { - echo 'ERROR: Sanity check failed!'; - $template->footer(); - return false; - } - if ( strlen($data) < 6 ) - { - echo '

' . $lang->get('userfuncs_passreset_err_too_short') . '

'; - $template->footer(); - return false; - } - if ( $_POST['use_crypt'] == 'no' ) - { - if ( $_POST['pass'] !== $_POST['pass_confirm'] ) - { - echo '

' . $lang->get('userfuncs_passreset_err_no_match') . '

'; - $template->footer(); - return false; - } - } - if ( getConfig('pw_strength_enable') == '1' ) - { - $min_score = intval(getConfig('pw_strength_minimum')); - $inp_score = password_score($data); - if ( $inp_score < $min_score ) - { - $url = makeUrl($paths->fullpage); - echo "

" . $lang->get('userfuncs_passreset_err_failed_score', array('inp_score' => $inp_score, 'url' => $url)) . "

"; - $template->footer(); - return false; - } - } - - $session->set_password($user_id, $data); - - $q = $db->sql_query('UPDATE '.table_prefix.'users SET temp_password=\'\',temp_password_time=0 WHERE user_id = '.$user_id.';'); - - if($q) - { - $session->login_without_crypto($row['username'], $data); - echo '

' . $lang->get('userfuncs_passreset_stage2_success', array('url_mainpage' => makeUrl(get_main_page()))) . '

'; - } - else - { - echo $db->get_error(); - } - - $template->footer(); - return false; - } - - // Password reset form - $evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" ' : ''; - $pw_meter = ( getConfig('pw_strength_enable') == '1' ) ? '' . $lang->get('userfuncs_passreset_stage2_lbl_strength') . '
' : ''; - $pw_blurb = ( getConfig('pw_strength_enable') == '1' && intval(getConfig('pw_strength_minimum')) > -10 ) ? '
' . $lang->get('userfuncs_passreset_stage2_blurb_strength') . '' : ''; - - ?> -
-
-
- - - - - - - - -
get('userfuncs_passreset_stage2_th'); ?>
get('userfuncs_passreset_stage2_lbl_password'); ?> />
get('userfuncs_passreset_stage2_lbl_confirm'); ?>
- - -
-
- generate_aes_form(); ?> -
- - aes_javascript('resetform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data', 'dh_supported', 'dh_public_key', 'dh_client_public_key'); - $template->footer(); - return true; - } - if ( $session->user_logged_in ) - { - $paths->main_page(); - } - - if(isset($_POST['do_reset'])) - { - if($session->mail_password_reset($_POST['username'])) - { - echo '

' . $lang->get('userfuncs_passreset_stage1_success') . '

'; - } - else - { - echo '

' . $lang->get('userfuncs_passreset_stage1_error') . '

'; - } - $template->footer(); - return true; - } - echo '

' . $lang->get('userfuncs_passreset_blurb_line1') . '

-

' . $lang->get('userfuncs_passreset_blurb_line2') . '

-
-

' . $lang->get('userfuncs_passreset_lbl_username') . ' '.$template->username_field('username').'

-

-
'; - $template->footer(); + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + + $template->header(); + if($paths->getParam(0) == 'stage2') + { + require_once(ENANO_ROOT . '/includes/math.php'); + require_once(ENANO_ROOT . '/includes/diffiehellman.php'); + + $user_id = intval($paths->getParam(1)); + $encpass = $paths->getParam(2); + if ( $user_id < 2 ) + { + echo '

Hacking attempt

'; + $template->footer(); + return false; + } + if(!preg_match('#^([a-f0-9]+)$#i', $encpass)) + { + echo '

Hacking attempt

'; + $template->footer(); + return false; + } + + $q = $db->sql_query('SELECT username,temp_password_time,temp_password,password_salt FROM '.table_prefix.'users WHERE user_id='.$user_id.';'); + if($db->numrows() < 1) + { + echo '

Invalid credentials

'; + $template->footer(); + return false; + } + $row = $db->fetchrow(); + $db->free_result(); + + $temp_pass = $session->pk_decrypt($encpass); + $temp_hmac = hmac_sha1($temp_pass, $row['password_salt']); + + if ( $temp_hmac !== $row['temp_password'] ) + { + echo '

Invalid credentials

'; + $template->footer(); + return false; + } + + if ( ( intval($row['temp_password_time']) + ( 3600 * 24 ) ) < time() ) + { + echo '

' . $lang->get('userfuncs_passreset_err_pass_expired', array('reset_url' => makeUrlNS('Special', 'PasswordReset'))) . '

'; + $template->footer(); + return false; + } + + if ( isset($_POST['do_stage2']) ) + { + $data = $session->get_aes_post('pass'); + + if(empty($data)) + { + echo 'ERROR: Sanity check failed!'; + $template->footer(); + return false; + } + if ( strlen($data) < 6 ) + { + echo '

' . $lang->get('userfuncs_passreset_err_too_short') . '

'; + $template->footer(); + return false; + } + if ( $_POST['use_crypt'] == 'no' ) + { + if ( $_POST['pass'] !== $_POST['pass_confirm'] ) + { + echo '

' . $lang->get('userfuncs_passreset_err_no_match') . '

'; + $template->footer(); + return false; + } + } + if ( getConfig('pw_strength_enable') == '1' ) + { + $min_score = intval(getConfig('pw_strength_minimum')); + $inp_score = password_score($data); + if ( $inp_score < $min_score ) + { + $url = makeUrl($paths->fullpage); + echo "

" . $lang->get('userfuncs_passreset_err_failed_score', array('inp_score' => $inp_score, 'url' => $url)) . "

"; + $template->footer(); + return false; + } + } + + $session->set_password($user_id, $data); + + $q = $db->sql_query('UPDATE '.table_prefix.'users SET temp_password=\'\',temp_password_time=0 WHERE user_id = '.$user_id.';'); + + if($q) + { + $session->login_without_crypto($row['username'], $data); + echo '

' . $lang->get('userfuncs_passreset_stage2_success', array('url_mainpage' => makeUrl(get_main_page()))) . '

'; + } + else + { + echo $db->get_error(); + } + + $template->footer(); + return false; + } + + // Password reset form + $evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" ' : ''; + $pw_meter = ( getConfig('pw_strength_enable') == '1' ) ? '' . $lang->get('userfuncs_passreset_stage2_lbl_strength') . '
' : ''; + $pw_blurb = ( getConfig('pw_strength_enable') == '1' && intval(getConfig('pw_strength_minimum')) > -10 ) ? '
' . $lang->get('userfuncs_passreset_stage2_blurb_strength') . '' : ''; + + ?> +
+
+
+ + + + + + + + +
get('userfuncs_passreset_stage2_th'); ?>
get('userfuncs_passreset_stage2_lbl_password'); ?> />
get('userfuncs_passreset_stage2_lbl_confirm'); ?>
+ + +
+
+ generate_aes_form(); ?> +
+ + aes_javascript('resetform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data', 'dh_supported', 'dh_public_key', 'dh_client_public_key'); + $template->footer(); + return true; + } + if ( $session->user_logged_in ) + { + $paths->main_page(); + } + + if(isset($_POST['do_reset'])) + { + if($session->mail_password_reset($_POST['username'])) + { + echo '

' . $lang->get('userfuncs_passreset_stage1_success') . '

'; + } + else + { + echo '

' . $lang->get('userfuncs_passreset_stage1_error') . '

'; + } + $template->footer(); + return true; + } + echo '

' . $lang->get('userfuncs_passreset_blurb_line1') . '

+

' . $lang->get('userfuncs_passreset_blurb_line2') . '

+
+

' . $lang->get('userfuncs_passreset_lbl_username') . ' '.$template->username_field('username').'

+

+
'; + $template->footer(); } function page_Special_Memberlist() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - - $template->header(); - - $startletters = 'abcdefghijklmnopqrstuvwxyz'; - $startletters = enano_str_split($startletters); - $startletter = ( isset($_GET['letter']) ) ? strtolower($_GET['letter']) : ''; - if ( !in_array($startletter, $startletters) && $startletter != 'chr' ) - { - $startletter = ''; - } - - $startletter_sql = $startletter; - if ( $startletter == 'chr' ) - { - $startletter_sql = '([^a-z])'; - } - - // offset - $perpage = 25; - $page = (( isset($_GET['offset']) && strval(intval($_GET['offset'])) === $_GET['offset']) ? intval($_GET['offset']) : 1) - 1; - $offset = $page * $perpage; - - // sort order - $sortkeys = array( - 'uid' => 'u.user_id', - 'username' => 'u.username', - 'email' => 'u.email', - 'regist' => 'u.reg_time' - ); - - $sortby = ( isset($_GET['sort']) && isset($sortkeys[$_GET['sort']]) ) ? $_GET['sort'] : 'username'; - $sort_sqllet = $sortkeys[$sortby]; - - $target_order = ( isset($_GET['orderby']) && in_array($_GET['orderby'], array('ASC', 'DESC')) )? $_GET['orderby'] : 'ASC'; - - $sortorders = array(); - foreach ( $sortkeys as $k => $_unused ) - { - $sortorders[$k] = ( $sortby == $k ) ? ( $target_order == 'ASC' ? 'DESC' : 'ASC' ) : 'ASC'; - } - - // Why 3.3714%? 100 percent / 28 cells, minus a little (0.2% / cell) to account for cell spacing - - echo '
- - '; - echo ''; - echo ''; - foreach ( $startletters as $letter ) - { - echo ''; - } - echo ' -
All#' . strtoupper($letter) . '
-
'; - - // User search - if ( isset($_GET['finduser']) ) - { - $finduser = str_replace(array( '%', '_'), - array('\\%', '\\_'), - $_GET['finduser']); - $finduser = str_replace(array('*', '?'), - array('%', '_'), - $finduser); - $finduser = $db->escape($finduser); - $username_where = ENANO_SQLFUNC_LOWERCASE . '(u.username) LIKE \'%' . strtolower($finduser) . '%\''; - $finduser_url = 'finduser=' . rawurlencode($_GET['finduser']) . '&'; - } - else - { - if ( ENANO_DBLAYER == 'MYSQL' ) - $username_where = 'lcase(u.username) REGEXP lcase("^' . $startletter_sql . '")'; - else if ( ENANO_DBLAYER == 'PGSQL' ) - $username_where = 'lower(u.username) ~ lower(\'^' . $startletter_sql . '\')'; - $finduser_url = ''; - } - - // Column markers - $headings = ' - - # - - - ' . $lang->get('userfuncs_ml_column_username') . ' - - - ' . $lang->get('userfuncs_ml_column_userlevel') . ' - - - ' . $lang->get('userfuncs_ml_column_email') . ' - - - ' . $lang->get('userfuncs_ml_column_regtime') . ' - - '; - - // determine number of rows - $q = $db->sql_query('SELECT COUNT(u.user_id) FROM '.table_prefix.'users AS u WHERE ' . $username_where . ' AND u.username != \'Anonymous\';'); - if ( !$q ) - $db->_die(); - - list($num_rows) = $db->fetchrow_num(); - $db->free_result(); - - if ( !empty($finduser_url) ) - { - switch ( $num_rows ) - { - case 0: - $str = ''; /* $lang->get('userfuncs_ml_msg_matches_zero'); */ break; - case 1: - $str = $lang->get('userfuncs_ml_msg_matches_one'); break; - default: - $str = $lang->get('userfuncs_ml_msg_matches', array('matches' => $num_rows)); break; - } - echo "

$str

"; - } - - // main selector - $pgsql_additional_group_by = ( ENANO_DBLAYER == 'PGSQL' ) ? ', u.username, u.reg_time, u.email, u.user_level, u.user_has_avatar, u.avatar_type, x.email_public' : ''; - $q = $db->sql_query('SELECT \'\' AS infobit, u.user_id, u.username, u.reg_time, u.email, u.user_level, u.user_has_avatar, u.avatar_type, x.email_public, COUNT(c.comment_id) AS num_comments FROM '.table_prefix.'users AS u - LEFT JOIN '.table_prefix.'users_extra AS x - ON ( u.user_id = x.user_id ) - LEFT JOIN ' . table_prefix . 'comments AS c - ON ( u.user_id = c.user_id ) - WHERE ' . $username_where . ' AND u.username != \'Anonymous\' - GROUP BY u.user_id' . $pgsql_additional_group_by . ' - ORDER BY ' . $sort_sqllet . ' ' . $target_order . ' - LIMIT ' . $perpage . ' OFFSET ' . $offset . ';'); - if ( !$q ) - $db->_die(); - - // formatter parameters - $formatter = new MemberlistFormatter(); - $formatters = array( - 'username' => array($formatter, 'username'), - 'user_level' => array($formatter, 'user_level'), - 'email' => array($formatter, 'email'), - 'reg_time' => array($formatter, 'reg_time'), - 'infobit' => array($formatter, 'infobit') - ); - - $result_url = makeUrlNS('Special', 'Memberlist', ( str_replace('%', '%%', $finduser_url) ) . 'letter=' . $startletter . '&offset=%s&sort=' . $sortby . '&orderby=' . $target_order ); - $paginator = generate_paginator($page, ceil($num_rows / $perpage), $result_url); - - if ( $num_rows > 0 ) - { - if ( $num_rows > $perpage ) - echo $paginator; - - echo '
- - ' . $headings; - - $i = 0; - while ( $row = $db->fetchrow($q) ) - { - $i++; - $cls = ( $i % 2 == 0 ) ? 'row2' : 'row1'; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - } - - echo ' ' . $headings . ' -
' . $row['user_id'] . '' . $formatter->username($row['username'], $row) . '' . $formatter->user_level($row['user_level'], $row) . '' . $formatter->email($row['email'], $row) . '' . $formatter->reg_time($row['reg_time'], $row) . '
- -
-
- '; - - if ( $num_rows > $perpage ) - echo $paginator; - } - else - { - echo '

' . $lang->get('log_msg_no_results') . '

'; - } - - echo '
-
' - . ( urlSeparator == '&' ? '' : '' ) - . ( $session->sid_super ? '' : '') - . '

' . $lang->get('userfuncs_ml_lbl_finduser') . ' ' . $template->username_field('finduser') . '
- ' . $lang->get('userfuncs_ml_tip_wildcard') . '

' - . '
-
'; - - $template->footer(); + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + + $template->header(); + + $startletters = 'abcdefghijklmnopqrstuvwxyz'; + $startletters = enano_str_split($startletters); + $startletter = ( isset($_GET['letter']) ) ? strtolower($_GET['letter']) : ''; + if ( !in_array($startletter, $startletters) && $startletter != 'chr' ) + { + $startletter = ''; + } + + $startletter_sql = $startletter; + if ( $startletter == 'chr' ) + { + $startletter_sql = '([^a-z])'; + } + + // offset + $perpage = 25; + $page = (( isset($_GET['offset']) && strval(intval($_GET['offset'])) === $_GET['offset']) ? intval($_GET['offset']) : 1) - 1; + $offset = $page * $perpage; + + // sort order + $sortkeys = array( + 'uid' => 'u.user_id', + 'username' => 'u.username', + 'email' => 'u.email', + 'regist' => 'u.reg_time' + ); + + $sortby = ( isset($_GET['sort']) && isset($sortkeys[$_GET['sort']]) ) ? $_GET['sort'] : 'username'; + $sort_sqllet = $sortkeys[$sortby]; + + $target_order = ( isset($_GET['orderby']) && in_array($_GET['orderby'], array('ASC', 'DESC')) )? $_GET['orderby'] : 'ASC'; + + $sortorders = array(); + foreach ( $sortkeys as $k => $_unused ) + { + $sortorders[$k] = ( $sortby == $k ) ? ( $target_order == 'ASC' ? 'DESC' : 'ASC' ) : 'ASC'; + } + + // Why 3.3714%? 100 percent / 28 cells, minus a little (0.2% / cell) to account for cell spacing + + echo '
+ + '; + echo ''; + echo ''; + foreach ( $startletters as $letter ) + { + echo ''; + } + echo ' +
All#' . strtoupper($letter) . '
+
'; + + // User search + if ( isset($_GET['finduser']) ) + { + $finduser = str_replace(array( '%', '_'), + array('\\%', '\\_'), + $_GET['finduser']); + $finduser = str_replace(array('*', '?'), + array('%', '_'), + $finduser); + $finduser = $db->escape($finduser); + $username_where = ENANO_SQLFUNC_LOWERCASE . '(u.username) LIKE \'%' . strtolower($finduser) . '%\''; + $finduser_url = 'finduser=' . rawurlencode($_GET['finduser']) . '&'; + } + else + { + if ( ENANO_DBLAYER == 'MYSQL' ) + $username_where = 'lcase(u.username) REGEXP lcase("^' . $startletter_sql . '")'; + else if ( ENANO_DBLAYER == 'PGSQL' ) + $username_where = 'lower(u.username) ~ lower(\'^' . $startletter_sql . '\')'; + $finduser_url = ''; + } + + // Column markers + $headings = ' + + # + + + ' . $lang->get('userfuncs_ml_column_username') . ' + + + ' . $lang->get('userfuncs_ml_column_userlevel') . ' + + + ' . $lang->get('userfuncs_ml_column_email') . ' + + + ' . $lang->get('userfuncs_ml_column_regtime') . ' + + '; + + // determine number of rows + $q = $db->sql_query('SELECT COUNT(u.user_id) FROM '.table_prefix.'users AS u WHERE ' . $username_where . ' AND u.username != \'Anonymous\';'); + if ( !$q ) + $db->_die(); + + list($num_rows) = $db->fetchrow_num(); + $db->free_result(); + + if ( !empty($finduser_url) ) + { + switch ( $num_rows ) + { + case 0: + $str = ''; /* $lang->get('userfuncs_ml_msg_matches_zero'); */ break; + case 1: + $str = $lang->get('userfuncs_ml_msg_matches_one'); break; + default: + $str = $lang->get('userfuncs_ml_msg_matches', array('matches' => $num_rows)); break; + } + echo "

$str

"; + } + + // main selector + $pgsql_additional_group_by = ( ENANO_DBLAYER == 'PGSQL' ) ? ', u.username, u.reg_time, u.email, u.user_level, u.user_has_avatar, u.avatar_type, x.email_public' : ''; + $q = $db->sql_query('SELECT \'\' AS infobit, u.user_id, u.username, u.reg_time, u.email, u.user_level, u.user_has_avatar, u.avatar_type, x.email_public, COUNT(c.comment_id) AS num_comments FROM '.table_prefix.'users AS u + LEFT JOIN '.table_prefix.'users_extra AS x + ON ( u.user_id = x.user_id ) + LEFT JOIN ' . table_prefix . 'comments AS c + ON ( u.user_id = c.user_id ) + WHERE ' . $username_where . ' AND u.username != \'Anonymous\' + GROUP BY u.user_id' . $pgsql_additional_group_by . ' + ORDER BY ' . $sort_sqllet . ' ' . $target_order . ' + LIMIT ' . $perpage . ' OFFSET ' . $offset . ';'); + if ( !$q ) + $db->_die(); + + // formatter parameters + $formatter = new MemberlistFormatter(); + $formatters = array( + 'username' => array($formatter, 'username'), + 'user_level' => array($formatter, 'user_level'), + 'email' => array($formatter, 'email'), + 'reg_time' => array($formatter, 'reg_time'), + 'infobit' => array($formatter, 'infobit') + ); + + $result_url = makeUrlNS('Special', 'Memberlist', ( str_replace('%', '%%', $finduser_url) ) . 'letter=' . $startletter . '&offset=%s&sort=' . $sortby . '&orderby=' . $target_order ); + $paginator = generate_paginator($page, ceil($num_rows / $perpage), $result_url); + + if ( $num_rows > 0 ) + { + if ( $num_rows > $perpage ) + echo $paginator; + + echo '
+ + ' . $headings; + + $i = 0; + while ( $row = $db->fetchrow($q) ) + { + $i++; + $cls = ( $i % 2 == 0 ) ? 'row2' : 'row1'; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + } + + echo ' ' . $headings . ' +
' . $row['user_id'] . '' . $formatter->username($row['username'], $row) . '' . $formatter->user_level($row['user_level'], $row) . '' . $formatter->email($row['email'], $row) . '' . $formatter->reg_time($row['reg_time'], $row) . '
+ +
+
+ '; + + if ( $num_rows > $perpage ) + echo $paginator; + } + else + { + echo '

' . $lang->get('log_msg_no_results') . '

'; + } + + echo '
+
' + . ( urlSeparator == '&' ? '' : '' ) + . ( $session->sid_super ? '' : '') + . '

' . $lang->get('userfuncs_ml_lbl_finduser') . ' ' . $template->username_field('finduser') . '
+ ' . $lang->get('userfuncs_ml_tip_wildcard') . '

' + . '
+
'; + + $template->footer(); } /** 
@@ -1755,153 +1755,153 @@ class MemberlistFormatter { - function username($username, $row) - { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - - $userpage = $paths->nslist['User'] . sanitize_page_id($username); - $class = ( isPage($userpage) ) ? '' : ' class="wikilink-nonexistent"'; - $anchor = '' . htmlspecialchars($username) . ''; - if ( $session->user_level >= USER_LEVEL_ADMIN ) - { - $anchor .= ' - ' . $lang->get('userfuncs_ml_btn_adminuser') . ''; - } - return $anchor; - } - function user_level($level, $row) - { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - /* - switch ( $level ) - { - case USER_LEVEL_GUEST: - $s_level = $lang->get('userfuncs_ml_level_guest'); break; - case USER_LEVEL_MEMBER: - case USER_LEVEL_CHPREF: - $s_level = $lang->get('userfuncs_ml_level_member'); break; - case USER_LEVEL_MOD: - $s_level = $lang->get('userfuncs_ml_level_mod'); break; - case USER_LEVEL_ADMIN: - $s_level = $lang->get('userfuncs_ml_level_admin'); break; - default: - $s_level = $lang->get('userfuncs_ml_level_unknown', array( 'level' => $level )); - } - */ - - // TODO: Requested by mm3. Is this too CPU-intensive? Optimize? - // Performance yield =/= about the same (but only 4 users under testing conditions) - $rankdata = $session->get_user_rank($row['user_id']); - $s_level = '' . $lang->get($rankdata['rank_title']) . ''; - - return $s_level; - } - function email($addy, $row) - { - global $lang; - if ( $row['email_public'] == '1' ) - { - global $email; - $addy = $email->encryptEmail($addy); - return $addy; - } - else - { - return '<' . $lang->get('userfuncs_ml_email_nonpublic') . '>'; - } - } - /** - * Format a time as a reference to a day, with user-friendly "X days ago"/"Today"/"Yesterday" returned when relevant. 
- * @param int UNIX timestamp - * @return string - */ - - public static function format_date($time) - { - // merged into enano_date() :) - return enano_date(ED_DATE, $time); - } - function reg_time($time, $row) - { - return $this->format_date($time); - } - function infobit($_, $row) - { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - - $bit = ''; - if ( $row['user_has_avatar'] == 1 ) - { - $bit .= '
-  -
'; - } - $rank_data = $session->get_user_rank(intval($row['user_id'])); - $userpage = $paths->nslist['User'] . sanitize_page_id($row['username']); - $title = ( isPage($userpage) ) ? ' title="' . $lang->get('userfuncs_ml_tip_userpage') . '"' : ' title="' . $lang->get('userfuncs_ml_tip_nouserpage') . '"'; - $bit .= '' . htmlspecialchars($row['username']) . '
'; - if ( $rank_data['user_title'] ) - $bit .= htmlspecialchars($rank_data['user_title']) . '
'; - if ( $rank_data['rank_title'] ) - $bit .= '' . htmlspecialchars($lang->get($rank_data['rank_title'])) . '
'; - - $bit .= '
- ' . $lang->get('comment_btn_send_privmsg') . ' - ' . $lang->get('comment_btn_add_buddy') . ' -
'; - - return $bit; - } + function username($username, $row) + { + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + + $userpage = $paths->nslist['User'] . sanitize_page_id($username); + $class = ( isPage($userpage) ) ? '' : ' class="wikilink-nonexistent"'; + $anchor = '' . htmlspecialchars($username) . ''; + if ( $session->user_level >= USER_LEVEL_ADMIN ) + { + $anchor .= ' - ' . $lang->get('userfuncs_ml_btn_adminuser') . ''; + } + return $anchor; + } + function user_level($level, $row) + { + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + /* + switch ( $level ) + { + case USER_LEVEL_GUEST: + $s_level = $lang->get('userfuncs_ml_level_guest'); break; + case USER_LEVEL_MEMBER: + case USER_LEVEL_CHPREF: + $s_level = $lang->get('userfuncs_ml_level_member'); break; + case USER_LEVEL_MOD: + $s_level = $lang->get('userfuncs_ml_level_mod'); break; + case USER_LEVEL_ADMIN: + $s_level = $lang->get('userfuncs_ml_level_admin'); break; + default: + $s_level = $lang->get('userfuncs_ml_level_unknown', array( 'level' => $level )); + } + */ + + // TODO: Requested by mm3. Is this too CPU-intensive? Optimize? + // Performance yield =/= about the same (but only 4 users under testing conditions) + $rankdata = $session->get_user_rank($row['user_id']); + $s_level = '' . $lang->get($rankdata['rank_title']) . ''; + + return $s_level; + } + function email($addy, $row) + { + global $lang; + if ( $row['email_public'] == '1' ) + { + global $email; + $addy = $email->encryptEmail($addy); + return $addy; + } + else + { + return '<' . $lang->get('userfuncs_ml_email_nonpublic') . '>'; + } + } + /** + * Format a time as a reference to a day, with user-friendly "X days ago"/"Today"/"Yesterday" returned when relevant. 
+ * @param int UNIX timestamp + * @return string + */ + + public static function format_date($time) + { + // merged into enano_date() :) + return enano_date(ED_DATE, $time); + } + function reg_time($time, $row) + { + return $this->format_date($time); + } + function infobit($_, $row) + { + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + + $bit = ''; + if ( $row['user_has_avatar'] == 1 ) + { + $bit .= '
+  +
'; + } + $rank_data = $session->get_user_rank(intval($row['user_id'])); + $userpage = $paths->nslist['User'] . sanitize_page_id($row['username']); + $title = ( isPage($userpage) ) ? ' title="' . $lang->get('userfuncs_ml_tip_userpage') . '"' : ' title="' . $lang->get('userfuncs_ml_tip_nouserpage') . '"'; + $bit .= '' . htmlspecialchars($row['username']) . '
'; + if ( $rank_data['user_title'] ) + $bit .= htmlspecialchars($rank_data['user_title']) . '
'; + if ( $rank_data['rank_title'] ) + $bit .= '' . htmlspecialchars($lang->get($rank_data['rank_title'])) . '
'; + + $bit .= '
+ ' . $lang->get('comment_btn_send_privmsg') . ' + ' . $lang->get('comment_btn_add_buddy') . ' +
'; + + return $bit; + } } function page_Special_LangExportJSON() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - - $lang_id = ( $x = $paths->getParam(0) ) ? intval($x) : $lang->lang_id; - - if ( $lang->lang_id == $lang_id ) - $lang_local =& $lang; - else - $lang_local = new Language($lang_id); - - $lang_local->get('meta_meta'); - - $lang_strings = enano_json_encode($lang_local->strings); - $etag = substr(sha1($lang_strings), 0, 20) . '-' . dechex($lang_local->lang_timestamp); - - if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) ) - { - if ( "\"$etag\"" == $_SERVER['HTTP_IF_NONE_MATCH'] ) - { - header('HTTP/1.1 304 Not Modified'); - exit(); - } - } - - $timestamp = enano_date('D, j M Y H:i:s T', $lang_local->lang_timestamp); - // generate expires header - $expires = date('r', mktime(-1, -1, -1, -1, -1, intval(date('y'))+1)); + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + + $lang_id = ( $x = $paths->getParam(0) ) ? intval($x) : $lang->lang_id; + + if ( $lang->lang_id == $lang_id ) + $lang_local =& $lang; + else + $lang_local = new Language($lang_id); + + $lang_local->get('meta_meta'); + + $lang_strings = enano_json_encode($lang_local->strings); + $etag = substr(sha1($lang_strings), 0, 20) . '-' . 
dechex($lang_local->lang_timestamp); + + if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) ) + { + if ( "\"$etag\"" == $_SERVER['HTTP_IF_NONE_MATCH'] ) + { + header('HTTP/1.1 304 Not Modified'); + exit(); + } + } + + $timestamp = enano_date('D, j M Y H:i:s T', $lang_local->lang_timestamp); + // generate expires header + $expires = date('r', mktime(-1, -1, -1, -1, -1, intval(date('y'))+1)); - header("Last-Modified: $timestamp"); - header("Date: $timestamp"); - header("ETag: \"$etag\""); - header('Content-type: text/javascript'); - header("Expires: $expires"); - - $lang_local->fetch(); - echo "if ( typeof(enano_lang) != 'object' ) - var enano_lang = new Object(); + header("Last-Modified: $timestamp"); + header("Date: $timestamp"); + header("ETag: \"$etag\""); + header('Content-type: text/javascript'); + header("Expires: $expires"); + + $lang_local->fetch(); + echo "if ( typeof(enano_lang) != 'object' ) + var enano_lang = new Object(); enano_lang[{$lang_local->lang_id}] = " . $lang_strings . ";"; - gzip_output(); - - exit(0); + gzip_output(); + + exit(0); } /** 
@@ -1910,96 +1910,96 @@ function page_Special_Avatar() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $aggressive_optimize_html; - $aggressive_optimize_html = false; - - $img_types = array( - IMAGE_TYPE_PNG => 'png', - IMAGE_TYPE_GIF => 'gif', - IMAGE_TYPE_JPG => 'jpg', - IMAGE_TYPE_GRV => 'grv' - ); - - $avi_id = $paths->getParam(0); - if ( !$avi_id || !@preg_match('/^[a-f0-9]+$/', $avi_id) ) - { - echo 'Doesn\'t match the regexp'; - return true; - } - - $avi_id_dec = hexdecode($avi_id); - $avi_id_dec = @unpack('Vdate/Vuid/vimg_type', $avi_id_dec); - if ( !$avi_id_dec ) - { - echo 'Bad unpack'; - return true; - } - - // check parameters - if ( !isset($img_types[$avi_id_dec['img_type']]) ) - { - echo 'Invalid image type'; - return true; - } - - // build file path - $avi_type = $img_types[$avi_id_dec['img_type']]; - - // is this a gravatar? - if ( $avi_type == 'grv' ) - { - // yes, we'll have to redirect - // sanitize UID - $uid = intval($avi_id_dec['uid']); - - // fetch email - $q = $db->sql_query('SELECT email FROM ' . table_prefix . "users WHERE user_id = $uid;"); - if ( !$q ) - $db->_die(); - if ( $db->numrows() < 1 ) - return false; - - list($email) = $db->fetchrow_num(); - $db->free_result(); - - $url = make_gravatar_url($url); - - // ship out the redirect - header('HTTP/1.1 302 Permanent Redirect'); - header("Location: $url"); - } - - $avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $avi_id_dec['uid'] . '.' . $avi_type; - if ( file_exists($avi_path) ) - { - $avi_mod_time = @filemtime($avi_path); - $avi_mod_time = date('r', $avi_mod_time); - $avi_size = @filesize($avi_path); - header("Last-Modified: $avi_mod_time"); - header("Content-Length: $avi_size"); - header("Content-Type: image/$avi_type"); - // http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html - header("Cache-Control: public"); - // expire it 30 days from now - $expiry_time = time() + ( 86400 * 30 ); - header("Expires: " . 
date('r', $expiry_time)); - - $fh = @fopen($avi_path, 'r'); - if ( !$fh ) - { - echo 'Could not open file'; - return true; - } - - while ( $fd = @fread($fh, 1024) ) - { - echo $fd; - } - fclose($fh); - - } - return true; + global $db, $session, $paths, $template, $plugins; // Common objects + global $aggressive_optimize_html; + $aggressive_optimize_html = false; + + $img_types = array( + IMAGE_TYPE_PNG => 'png', + IMAGE_TYPE_GIF => 'gif', + IMAGE_TYPE_JPG => 'jpg', + IMAGE_TYPE_GRV => 'grv' + ); + + $avi_id = $paths->getParam(0); + if ( !$avi_id || !@preg_match('/^[a-f0-9]+$/', $avi_id) ) + { + echo 'Doesn\'t match the regexp'; + return true; + } + + $avi_id_dec = hexdecode($avi_id); + $avi_id_dec = @unpack('Vdate/Vuid/vimg_type', $avi_id_dec); + if ( !$avi_id_dec ) + { + echo 'Bad unpack'; + return true; + } + + // check parameters + if ( !isset($img_types[$avi_id_dec['img_type']]) ) + { + echo 'Invalid image type'; + return true; + } + + // build file path + $avi_type = $img_types[$avi_id_dec['img_type']]; + + // is this a gravatar? + if ( $avi_type == 'grv' ) + { + // yes, we'll have to redirect + // sanitize UID + $uid = intval($avi_id_dec['uid']); + + // fetch email + $q = $db->sql_query('SELECT email FROM ' . table_prefix . "users WHERE user_id = $uid;"); + if ( !$q ) + $db->_die(); + if ( $db->numrows() < 1 ) + return false; + + list($email) = $db->fetchrow_num(); + $db->free_result(); + + $url = make_gravatar_url($url); + + // ship out the redirect + header('HTTP/1.1 302 Permanent Redirect'); + header("Location: $url"); + } + + $avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $avi_id_dec['uid'] . '.' . 
$avi_type; + if ( file_exists($avi_path) ) + { + $avi_mod_time = @filemtime($avi_path); + $avi_mod_time = date('r', $avi_mod_time); + $avi_size = @filesize($avi_path); + header("Last-Modified: $avi_mod_time"); + header("Content-Length: $avi_size"); + header("Content-Type: image/$avi_type"); + // http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html + header("Cache-Control: public"); + // expire it 30 days from now + $expiry_time = time() + ( 86400 * 30 ); + header("Expires: " . date('r', $expiry_time)); + + $fh = @fopen($avi_path, 'r'); + if ( !$fh ) + { + echo 'Could not open file'; + return true; + } + + while ( $fd = @fread($fh, 1024) ) + { + echo $fd; + } + fclose($fh); + + } + return true; } ?> \ No newline at end of file
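Review bot: In the Gravatar branch of page_Special_Avatar the reindented code still passes the undefined `$url` to `make_gravatar_url($url)` instead of the `$email` it just fetched, and then emits the `Location:` header without exiting, so execution falls through to the local-file branch and tries to serve `<avatar_directory>/<uid>.grv`. The fix is `$url = make_gravatar_url($email);` followed by `header('Location: ' . $url); exit();` so nothing after the redirect runs. The status line should also read `header('HTTP/1.1 302 Found');` — 302 is "Found", while "Permanent Redirect" is the 308 reason phrase, and a permanent redirect is wrong here anyway since the user's e-mail can change. This hunk appears to be a whitespace-only reindent, so these defects predate the commit but remain on the new side.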