| Zeile 6 | Zeile 6 |
|---|
* Website: http://www.mybboard.net
* License: http://www.mybboard.net/about/license
*
|
* Website: http://www.mybboard.net
* License: http://www.mybboard.net/about/license
*
|
* $Id: member.php 4114 2008-08-14 02:11:18Z Tikitiki $
| * $Id: member.php 4274 2008-11-19 03:22:50Z Tikitiki $
|
*/
define("IN_MYBB", 1);
| */
define("IN_MYBB", 1);
|
| Zeile 14 | Zeile 14 |
|---|
$nosession['avatar'] = 1;
$templatelist = "member_register,error_nousername,error_nopassword,error_passwordmismatch,error_invalidemail,error_usernametaken,error_emailmismatch,error_noemail,redirect_registered";
|
$nosession['avatar'] = 1;
$templatelist = "member_register,error_nousername,error_nopassword,error_passwordmismatch,error_invalidemail,error_usernametaken,error_emailmismatch,error_noemail,redirect_registered";
|
$templatelist .= ",redirect_loggedout,login,redirect_loggedin,error_invalidusername,error_invalidpassword,member_profile_email,member_profile_offline,member_profile_reputation,member_profile_warn,member_profile_warninglevel,member_profile_customfields_field,member_profile_customfields,member_profile_adminoptions,member_profile,member_login,member_profile_online,member_profile_modoptions";
| $templatelist .= ",redirect_loggedout,login,redirect_loggedin,error_invalidusername,error_invalidpassword,member_profile_email,member_profile_offline,member_profile_reputation,member_profile_warn,member_profile_warninglevel,member_profile_customfields_field,member_profile_customfields,member_profile_adminoptions,member_profile,member_login,member_profile_online,member_profile_modoptions,member_profile_signature,member_profile_groupimage";
|
require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";
| require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";
|
| Zeile 373 | Zeile 373 |
|---|
if((!isset($mybb->input['agree']) && !isset($mybb->input['regsubmit'])) || $mybb->request_method != "post")
{
// Is this user a COPPA user? We need to show the COPPA agreement too
|
if((!isset($mybb->input['agree']) && !isset($mybb->input['regsubmit'])) || $mybb->request_method != "post")
{
// Is this user a COPPA user? We need to show the COPPA agreement too
|
if($mybb->setings['coppa'] != "disabled" && ($mybb->cookies['coppauser'] == 1 || $under_thirteen))
| if($mybb->settings['coppa'] != "disabled" && ($mybb->cookies['coppauser'] == 1 || $under_thirteen))
|
{
if($mybb->settings['coppa'] == "deny")
{
| {
if($mybb->settings['coppa'] == "deny")
{
|
| Zeile 944 | Zeile 944 |
|---|
eval("\$activate = \"".$templates->get("member_resetpassword")."\";");
output_page($activate);
}
|
eval("\$activate = \"".$templates->get("member_resetpassword")."\";");
output_page($activate);
}
|
| | }
$do_captcha = $correct = false;
$inline_errors = "";
if($mybb->input['action'] == "do_login" && $mybb->request_method == "post")
{
$plugins->run_hooks("member_do_login_start");
// Checks to make sure the user can login; they haven't had too many tries at logging in.
// Is a fatal call if user has had too many tries
$logins = login_attempt_check();
$login_text = '';
// Did we come from the quick login form
if($mybb->input['quick_login'] == "1" && $mybb->input['quick_password'] && $mybb->input['quick_username'])
{
$mybb->input['password'] = $mybb->input['quick_password'];
$mybb->input['username'] = $mybb->input['quick_username'];
}
if(!username_exists($mybb->input['username']))
{
my_setcookie('loginattempts', $logins + 1);
error($lang->error_invalidpworusername.$login_text);
}
$query = $db->simple_select("users", "loginattempts", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['username']))."'", array('limit' => 1));
$loginattempts = $db->fetch_field($query, "loginattempts");
$errors = array();
$user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
if(!$user['uid'])
{
my_setcookie('loginattempts', $logins + 1);
$db->write_query("UPDATE ".TABLE_PREFIX."users SET loginattempts=loginattempts+1 WHERE LOWER(username) = '".$db->escape_string(my_strtolower($mybb->input['username']))."'");
$mybb->input['action'] = "login";
$mybb->input['request_method'] = "get";
if($mybb->settings['failedlogintext'] == 1)
{
$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
}
$errors[] = $lang->error_invalidpworusername.$login_text;
}
else
{
$correct = true;
}
if($loginattempts > 3 || intval($mybb->cookies['loginattempts']) > 3)
{
// Show captcha image for guests if enabled
if($mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && !$mybb->user['uid'])
{
// If previewing a post - check their current captcha input - if correct, hide the captcha input area
if($mybb->input['imagestring'])
{
$imagehash = $db->escape_string($mybb->input['imagehash']);
$imagestring = $db->escape_string($mybb->input['imagestring']);
$query = $db->simple_select("captcha", "*", "imagehash='{$imagehash}' AND imagestring='{$imagestring}'");
$imgcheck = $db->fetch_array($query);
if($imgcheck['dateline'] > 0)
{
$correct = true;
}
else
{
$db->delete_query("captcha", "imagehash='{$imagehash}'");
$errors[] = $lang->error_regimageinvalid;
}
}
else if($mybb->input['quick_login'] == 1 && $mybb->input['quick_password'] && $mybb->input['quick_username'])
{
$errors[] = $lang->error_regimagerequired;
}
else
{
$errors[] = $lang->error_regimagerequired;
}
}
$do_captcha = true;
}
if(!empty($errors))
{
$mybb->input['action'] = "login";
$mybb->input['request_method'] = "get";
$inline_errors = inline_error($errors);
}
else if($correct)
{
if($user['coppauser'])
{
error($lang->error_awaitingcoppa);
}
my_setcookie('loginattempts', 1);
$db->delete_query("sessions", "ip='".$db->escape_string($session->ipaddress)."' AND sid != '".$session->sid."'");
$newsession = array(
"uid" => $user['uid'],
);
$db->update_query("sessions", $newsession, "sid='".$session->sid."'");
$db->update_query("users", array("loginattempts" => 1), "uid='{$user['uid']}'");
// Temporarily set the cookie remember option for the login cookies
$mybb->user['remember'] = $user['remember'];
my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], null, true);
my_setcookie("sid", $session->sid, -1, true);
$plugins->run_hooks("member_do_login_end");
if($mybb->input['url'] != "" && my_strpos(basename($mybb->input['url']), 'member.php') === false)
{
if((my_strpos(basename($mybb->input['url']), 'newthread.php') !== false || my_strpos(basename($mybb->input['url']), 'newreply.php') !== false) && my_strpos($mybb->input['url'], '&processed=1') !== false)
{
$mybb->input['url'] = str_replace('&processed=1', '', $mybb->input['url']);
}
$mybb->input['url'] = str_replace('&', '&', $mybb->input['url']);
// Redirect to the URL if it is not member.php
redirect(htmlentities($mybb->input['url']), $lang->redirect_loggedin);
}
else
{
redirect("index.php", $lang->redirect_loggedin);
}
}
else
{
$mybb->input['action'] = "login";
$mybb->input['request_method'] = "get";
}
$plugins->run_hooks("member_do_login_end");
|
}
if($mybb->input['action'] == "login")
| }
if($mybb->input['action'] == "login")
|
| Zeile 955 | Zeile 1097 |
|---|
{
$lang->already_logged_in = $lang->sprintf($lang->already_logged_in, build_profile_link($mybb->user['username'], $mybb->user['uid']));
eval("\$member_loggedin_notice = \"".$templates->get("member_loggedin_notice")."\";");
|
{
$lang->already_logged_in = $lang->sprintf($lang->already_logged_in, build_profile_link($mybb->user['username'], $mybb->user['uid']));
eval("\$member_loggedin_notice = \"".$templates->get("member_loggedin_notice")."\";");
|
}
| }
|
// Checks to make sure the user can login; they haven't had too many tries at logging in.
// Is a fatal call if user has had too many tries
|
// Checks to make sure the user can login; they haven't had too many tries at logging in.
// Is a fatal call if user has had too many tries
|
| Zeile 969 | Zeile 1111 |
|---|
elseif($_SERVER['HTTP_REFERER'])
{
$redirect_url = htmlentities($_SERVER['HTTP_REFERER']);
|
elseif($_SERVER['HTTP_REFERER'])
{
$redirect_url = htmlentities($_SERVER['HTTP_REFERER']);
|
}
eval("\$login = \"".$templates->get("member_login")."\";");
output_page($login);
}
if($mybb->input['action'] == "do_login" && $mybb->request_method == "post")
{
$plugins->run_hooks("member_do_login_start");
// Checks to make sure the user can login; they haven't had too many tries at logging in.
// Is a fatal call if user has had too many tries
$logins = login_attempt_check();
$login_text = '';
if(!username_exists($mybb->input['username']))
| }
$captcha = "";
// Show captcha image for guests if enabled
if($mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && $do_captcha == true)
|
{
|
{
|
my_setcookie('loginattempts', $logins + 1);
$db->write_query("UPDATE ".TABLE_PREFIX."sessions SET loginattempts=loginattempts+1 WHERE sid = '{$session->sid}'");
if($mybb->settings['failedlogintext'] == 1)
{
$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
| if(!$correct)
{
$randomstr = random_str(5);
$imagehash = md5(random_str(12));
$imagearray = array(
"imagehash" => $imagehash,
"imagestring" => $randomstr,
"dateline" => TIME_NOW
);
$db->insert_query("captcha", $imagearray);
eval("\$captcha = \"".$templates->get("post_captcha")."\";");
|
}
|
}
|
error($lang->error_invalidpworusername.$login_text);
}
$user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
if(!$user['uid'])
| }
$username = "";
$password = "";
if($mybb->input['username'] && $mybb->request_method == "post")
|
{
|
{
|
my_setcookie('loginattempts', $logins + 1);
$db->write_query("UPDATE ".TABLE_PREFIX."sessions SET loginattempts=loginattempts+1 WHERE sid = '{$session->sid}'");
if($mybb->settings['failedlogintext'] == 1)
{
$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
}
error($lang->error_invalidpassword.$login_text);
| $username = htmlspecialchars_uni($mybb->input['username']);
}
if($mybb->input['password'] && $mybb->request_method == "post")
{
$password = htmlspecialchars_uni($mybb->input['password']);
|
}
|
}
|
if($user['coppauser'])
{
error($lang->error_awaitingcoppa);
}
my_setcookie('loginattempts', 1);
$db->delete_query("sessions", "ip='".$db->escape_string($session->ipaddress)."' AND sid != '".$session->sid."'");
$newsession = array(
"uid" => $user['uid'],
"loginattempts" => 1,
);
$db->update_query("sessions", $newsession, "sid='".$session->sid."'");
// Temporarily set the cookie remember option for the login cookies
$mybb->user['remember'] = $user['remember'];
my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], null, true);
my_setcookie("sid", $session->sid, -1, true);
$plugins->run_hooks("member_do_login_end");
if($mybb->input['url'] != "" && my_strpos(basename($mybb->input['url']), 'member.php') === false)
{
if((my_strpos(basename($mybb->input['url']), 'newthread.php') !== false || my_strpos(basename($mybb->input['url']), 'newreply.php') !== false) && my_strpos($mybb->input['url'], '&processed=1') !== false)
{
$mybb->input['url'] = str_replace('&processed=1', '', $mybb->input['url']);
}
$mybb->input['url'] = str_replace('&', '&', $mybb->input['url']);
// Redirect to the URL if it is not member.php
redirect(htmlentities($mybb->input['url']), $lang->redirect_loggedin);
}
else
{
redirect("index.php", $lang->redirect_loggedin);
}
| eval("\$login = \"".$templates->get("member_login")."\";");
output_page($login);
|
}
if($mybb->input['action'] == "logout")
| }
if($mybb->input['action'] == "logout")
|
| Zeile 1130 | Zeile 1232 |
|---|
else
{
if($mybb->input['uid'])
|
else
{
if($mybb->input['uid'])
|
{
| {
|
$uid = intval($mybb->input['uid']);
}
else
| $uid = intval($mybb->input['uid']);
}
else
|
| Zeile 1334 | Zeile 1436 |
|---|
if($membday[2] >= 1970)
{
|
if($membday[2] >= 1970)
{
|
$w_day = get_weekday($membday[1], $membday[0], $membday[2]);
| $w_day = date("l", mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]));
|
$membday = format_bdays($mybb->settings['dateformat'], $membday[1], $membday[0], $membday[2], $w_day);
}
else
| $membday = format_bdays($mybb->settings['dateformat'], $membday[1], $membday[0], $membday[2], $w_day);
}
else
|
| Zeile 1376 | Zeile 1478 |
|---|
$displaygroup = usergroup_displaygroup($memprofile['displaygroup']);
// Get the user title for this user
|
$displaygroup = usergroup_displaygroup($memprofile['displaygroup']);
// Get the user title for this user
|
| | unset($usertitle);
unset($stars);
|
if(trim($memprofile['usertitle']) != '')
{
// User has custom user title
| if(trim($memprofile['usertitle']) != '')
{
// User has custom user title
|
| Zeile 1404 | Zeile 1508 |
|---|
if($displaygroup['stars'])
{
|
if($displaygroup['stars'])
{
|
| | // Set the number of stars if display group has constant number of stars
|
$stars = $displaygroup['stars'];
|
$stars = $displaygroup['stars'];
|
| | }
elseif(!$stars)
{
// This is for cases where the user has a title, but the group has no defined number of stars (use number of stars as per default usergroups)
$query = $db->simple_select("usertitles", "*", "", array('order_by' => 'posts', 'order_dir' => 'DESC'));
while($title = $db->fetch_array($query))
{
if($memprofile['postnum'] >= $title['posts'])
{
$stars = $title['stars'];
$starimage = $title['starimage'];
break;
}
}
|
}
if(!empty($displaygroup['image']))
| }
if(!empty($displaygroup['image']))
|
| Zeile 1412 | Zeile 1531 |
|---|
if(!empty($mybb->user['language']))
{
$language = $mybb->user['language'];
|
if(!empty($mybb->user['language']))
{
$language = $mybb->user['language'];
|
}
| }
|
else
{
$language = $mybb->settings['bblanguage'];
| else
{
$language = $mybb->settings['bblanguage'];
|
| Zeile 1425 | Zeile 1544 |
|---|
if(!$starimage)
{
$starimage = $displaygroup['starimage'];
|
if(!$starimage)
{
$starimage = $displaygroup['starimage'];
|
}
| }
|
$starimage = str_replace("{theme}", $theme['imgdir'], $starimage);
$userstars = '';
for($i = 0; $i < $stars; ++$i)
{
$userstars .= "<img src=\"$starimage\" border=\"0\" alt=\"*\" />";
|
$starimage = str_replace("{theme}", $theme['imgdir'], $starimage);
$userstars = '';
for($i = 0; $i < $stars; ++$i)
{
$userstars .= "<img src=\"$starimage\" border=\"0\" alt=\"*\" />";
|
}
| }
|
// User is currently online and this user has permissions to view the user on the WOL
$timesearch = TIME_NOW - $mybb->settings['wolcutoffmins']*60;
|
// User is currently online and this user has permissions to view the user on the WOL
$timesearch = TIME_NOW - $mybb->settings['wolcutoffmins']*60;
|
| Zeile 1457 | Zeile 1576 |
|---|
// Fetch the reputation for this user
if($memperms['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
|
// Fetch the reputation for this user
if($memperms['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
|
{
| {
|
$reputation = get_reputation($memprofile['reputation']);
// If this user has permission to give reputations show the vote link
| $reputation = get_reputation($memprofile['reputation']);
// If this user has permission to give reputations show the vote link
|
| Zeile 1478 | Zeile 1597 |
|---|
}
$warning_level = get_colored_warning_level($warning_level);
if($mybb->usergroup['canwarnusers'] != 0 && $memprofile['uid'] != $mybb->user['uid'])
|
}
$warning_level = get_colored_warning_level($warning_level);
if($mybb->usergroup['canwarnusers'] != 0 && $memprofile['uid'] != $mybb->user['uid'])
|
{
| {
|
eval("\$warn_user = \"".$templates->get("member_profile_warn")."\";");
$warning_link = "warnings.php?uid={$memprofile['uid']}";
|
eval("\$warn_user = \"".$templates->get("member_profile_warn")."\";");
$warning_link = "warnings.php?uid={$memprofile['uid']}";
|
}
| }
|
else
{
$warning_link = "usercp.php";
}
eval("\$warning_level = \"".$templates->get("member_profile_warninglevel")."\";");
|
else
{
$warning_link = "usercp.php";
}
eval("\$warning_level = \"".$templates->get("member_profile_warninglevel")."\";");
|
}
| }
|
$query = $db->simple_select("userfields", "*", "ufid='$uid'");
$userfields = $db->fetch_array($query);
$customfields = '';
| $query = $db->simple_select("userfields", "*", "ufid='$uid'");
$userfields = $db->fetch_array($query);
$customfields = '';
|
| Zeile 1528 | Zeile 1647 |
|---|
else
{
if($customfield['type'] == "textarea")
|
else
{
if($customfield['type'] == "textarea")
|
{
| {
|
$customfieldval = nl2br(htmlspecialchars_uni($userfields[$field]));
|
$customfieldval = nl2br(htmlspecialchars_uni($userfields[$field]));
|
}
| }
|
else
{
$customfieldval = htmlspecialchars_uni($userfields[$field]);
| else
{
$customfieldval = htmlspecialchars_uni($userfields[$field]);
|
| Zeile 1538 | Zeile 1657 |
|---|
}
eval("\$customfields .= \"".$templates->get("member_profile_customfields_field")."\";");
$bgcolor = alt_trow();
|
}
eval("\$customfields .= \"".$templates->get("member_profile_customfields_field")."\";");
$bgcolor = alt_trow();
|
}
| }
|
if($customfields)
|
if($customfields)
|
{
| {
|
eval("\$profilefields = \"".$templates->get("member_profile_customfields")."\";");
}
$memprofile['postnum'] = my_number_format($memprofile['postnum']);
| eval("\$profilefields = \"".$templates->get("member_profile_customfields")."\";");
}
$memprofile['postnum'] = my_number_format($memprofile['postnum']);
|
| Zeile 1549 | Zeile 1668 |
|---|
if($memprofile['timeonline'] > 0)
{
$timeonline = nice_time($memprofile['timeonline']);
|
if($memprofile['timeonline'] > 0)
{
$timeonline = nice_time($memprofile['timeonline']);
|
}
| }
|
else
{
$timeonline = $lang->none_registered;
| else
{
$timeonline = $lang->none_registered;
|
| Zeile 1569 | Zeile 1688 |
|---|
eval("\$profile = \"".$templates->get("member_profile")."\";");
output_page($profile);
}
|
eval("\$profile = \"".$templates->get("member_profile")."\";");
output_page($profile);
}
|
|
|
if($mybb->input['action'] == "do_emailuser" && $mybb->request_method == "post")
{
// Verify incoming POST request
verify_post_check($mybb->input['my_post_key']);
|
if($mybb->input['action'] == "do_emailuser" && $mybb->request_method == "post")
{
// Verify incoming POST request
verify_post_check($mybb->input['my_post_key']);
|
|
|
$plugins->run_hooks("member_do_emailuser_start");
// Guests or those without permission can't email other users
if($mybb->usergroup['cansendemail'] == 0 || !$mybb->user['uid'])
|
$plugins->run_hooks("member_do_emailuser_start");
// Guests or those without permission can't email other users
if($mybb->usergroup['cansendemail'] == 0 || !$mybb->user['uid'])
|
{
| {
|
error_no_permission();
}
| error_no_permission();
}
|
| Zeile 1589 | Zeile 1708 |
|---|
$query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "fromuid='{$mybb->user['uid']}' AND dateline >= '".(TIME_NOW - (60*60*24))."'");
$sent_count = $db->fetch_field($query, "sent_count");
if($sent_count > $mybb->usergroup['maxemails'])
|
$query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "fromuid='{$mybb->user['uid']}' AND dateline >= '".(TIME_NOW - (60*60*24))."'");
$sent_count = $db->fetch_field($query, "sent_count");
if($sent_count > $mybb->usergroup['maxemails'])
|
{
| {
|
$lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
error($lang->error_max_emails_day);
}
}
|
$lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
error($lang->error_max_emails_day);
}
}
|
|
|
$query = $db->simple_select("users", "uid, username, email, hideemail", "uid='".intval($mybb->input['uid'])."'");
$to_user = $db->fetch_array($query);
if(!$to_user['username'])
|
$query = $db->simple_select("users", "uid, username, email, hideemail", "uid='".intval($mybb->input['uid'])."'");
$to_user = $db->fetch_array($query);
if(!$to_user['username'])
|
{
| {
|
error($lang->error_invalidusername);
|
error($lang->error_invalidusername);
|
}
| }
|
if($to_user['hideemail'] != 0)
{
error($lang->error_hideemail);
}
if(empty($mybb->input['subject']))
|
if($to_user['hideemail'] != 0)
{
error($lang->error_hideemail);
}
if(empty($mybb->input['subject']))
|
{
| {
|
$errors[] = $lang->error_no_email_subject;
|
$errors[] = $lang->error_no_email_subject;
|
}
| }
|
if(empty($mybb->input['message']))
|
if(empty($mybb->input['message']))
|
{
| {
|
$errors[] = $lang->error_no_email_message;
}
if(count($errors) == 0)
{
|
$errors[] = $lang->error_no_email_message;
}
if(count($errors) == 0)
{
|
$from = "{$mybb->user['username']} <{$mybb->user['email']}>";
| if($mybb->settings['mail_handler'] == 'smtp')
{
$from = $mybb->user['email'];
}
else
{
$from = "{$mybb->user['username']} <{$mybb->user['email']}>";
}
|
$message = $lang->sprintf($lang->email_emailuser, $to_user['username'], $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->input['message']);
|
$message = $lang->sprintf($lang->email_emailuser, $to_user['username'], $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->input['message']);
|
my_mail($to_user['email'], $mybb->input['subject'], $message, $from);
| my_mail($to_user['email'], $mybb->input['subject'], $message, $from, "", "", false, "text", "", $mybb->user['email']);
|
if($mybb->settings['mail_logging'] > 0)
{
|
if($mybb->settings['mail_logging'] > 0)
{
|