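<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id: member.php 5616 2011-09-20 13:24:59Z Tomm $
 */

/*
 * Account entry point, dispatched on $mybb->input['action']:
 *   register / do_register                 - sign-up form and account creation
 *   coppa_form                             - printable COPPA form
 *   activate                               - confirm a registration ('r') or e-mail change ('e') code
 *   resendactivation / do_resendactivation - re-mail a registration code
 *   lostpw / do_lostpw                     - request a password-reset code ('p')
 *   resetpassword                          - redeem a reset code and mail a new password
 *   do_login / login                       - authenticate and show the login form
 *
 * Every value read from $mybb->input or $mybb->cookies is client-controlled.
 * The helpers called here (error(), redirect(), my_setcookie(), the user data
 * handler, the captcha class, $templates) live in other files, so notes about
 * their behaviour are marked as assumptions to confirm.
 */

define("IN_MYBB", 1);
define('THIS_SCRIPT', 'member.php');
define("ALLOWABLE_PAGE", "register,do_register,login,do_login,logout,lostpw,do_lostpw,activate,resendactivation,do_resendactivation,resetpassword");

$nosession['avatar'] = 1;
$templatelist = "member_register,error_nousername,error_nopassword,error_passwordmismatch,error_invalidemail,error_usernametaken,error_emailmismatch,error_noemail,redirect_registered,member_register_hiddencaptcha";
$templatelist .= ",redirect_loggedout,login,redirect_loggedin,error_invalidusername,error_invalidpassword,member_profile_email,member_profile_offline,member_profile_reputation,member_profile_warn,member_profile_warninglevel,member_profile_customfields_field,member_profile_customfields,member_profile_adminoptions,member_profile,member_login,member_profile_online,member_profile_modoptions,member_profile_signature,member_profile_groupimage,member_profile_referrals";
require_once "./global.php";

require_once MYBB_ROOT."inc/functions_post.php";
require_once MYBB_ROOT."inc/functions_user.php";
require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;

// Load global language phrases
$lang->load("member");

// Make navigation
switch($mybb->input['action'])
{
	case "register":
	case "do_register":
		add_breadcrumb($lang->nav_register);
		break;
	case "activate":
		add_breadcrumb($lang->nav_activate);
		break;
	case "resendactivation":
		add_breadcrumb($lang->nav_resendactivation);
		break;
	case "lostpw":
		add_breadcrumb($lang->nav_lostpw);
		break;
	case "resetpassword":
		add_breadcrumb($lang->nav_resetpassword);
		break;
	case "login":
		add_breadcrumb($lang->nav_login);
		break;
	case "emailuser":
		add_breadcrumb($lang->nav_emailuser);
		break;
}

// Registration gate: applies to both the form and the submit action, and is
// skipped only for groups with the cancp flag set.
if(($mybb->input['action'] == "register" || $mybb->input['action'] == "do_register") && $mybb->usergroup['cancp'] != 1)
{
	if($mybb->settings['disableregs'] == 1)
	{
		error($lang->registrations_disabled);
	}
	if($mybb->user['regdate'])
	{
		error($lang->error_alreadyregistered);
	}
	// Per-IP throttle: count accounts registered from this address inside the
	// configured window (betweenregstime is in hours).
	if($mybb->settings['betweenregstime'] && $mybb->settings['maxregsbetweentime'])
	{
		$time = TIME_NOW;
		$datecut = $time-(60*60*$mybb->settings['betweenregstime']);
		$query = $db->simple_select("users", "*", "regip='".$db->escape_string($session->ipaddress)."' AND regdate > '$datecut'");
		$regcount = $db->num_rows($query);
		if($regcount >= $mybb->settings['maxregsbetweentime'])
		{
			$lang->error_alreadyregisteredtime = $lang->sprintf($lang->error_alreadyregisteredtime, $regcount, $mybb->settings['betweenregstime']);
			error($lang->error_alreadyregisteredtime);
		}
	}
}

if($mybb->input['action'] == "do_register" && $mybb->request_method == "post")
{
	$plugins->run_hooks("member_do_register_start");

	// If we have hidden CAPTCHA enabled and it's filled, deny registration
	// (honeypot field: a human never sees it, so any value marks the request as automated)
	if($mybb->settings['hiddencaptchaimage'])
	{
		$string = $mybb->settings['hiddencaptchaimagefield'];

		if($mybb->input[$string] != '')
		{
			error($lang->error_spam_deny);
		}
	}

	if($mybb->settings['regtype'] == "randompass")
	{
		// NOTE(review): the strength of this password depends on random_str(),
		// which is defined elsewhere - confirm it draws from a CSPRNG.
		$mybb->input['password'] = random_str();
		$mybb->input['password2'] = $mybb->input['password'];
	}

	// Group 5 is the group the "activate" action later promotes to group 2.
	// NOTE(review): input['coppa'] is client-supplied, so it can only be relied
	// on to restrict an account, never to relax a check.
	if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->input['coppa'] == 1)
	{
		$usergroup = 5;
	}
	else
	{
		$usergroup = 2;
	}

	// Set up user handler.
	require_once MYBB_ROOT."inc/datahandlers/user.php";
	$userhandler = new UserDataHandler("insert");

	// Set the data for the new user.
	// All of these are raw request values; validation is delegated to
	// $userhandler->validate_user() below.
	$user = array(
		"username" => $mybb->input['username'],
		"password" => $mybb->input['password'],
		"password2" => $mybb->input['password2'],
		"email" => $mybb->input['email'],
		"email2" => $mybb->input['email2'],
		"usergroup" => $usergroup,
		"referrer" => $mybb->input['referrername'],
		"timezone" => $mybb->input['timezoneoffset'],
		"language" => $mybb->input['language'],
		"profile_fields" => $mybb->input['profile_fields'],
		"regip" => $session->ipaddress,
		"longregip" => my_ip2long($session->ipaddress),
		"coppa_user" => intval($mybb->cookies['coppauser']),
	);

	if(isset($mybb->input['regcheck1']) && isset($mybb->input['regcheck2']))
	{
		$user['regcheck1'] = $mybb->input['regcheck1'];
		$user['regcheck2'] = $mybb->input['regcheck2'];
	}

	// Do we have a saved COPPA DOB?
	// NOTE(review): the COPPA state is held only in client cookies, which the
	// client can edit or drop; the date parts are presumably validated by the
	// user handler - confirm.
	if($mybb->cookies['coppadob'])
	{
		list($dob_day, $dob_month, $dob_year) = explode("-", $mybb->cookies['coppadob']);
		$user['birthday'] = array(
			"day" => $dob_day,
			"month" => $dob_month,
			"year" => $dob_year
		);
	}

	$user['options'] = array(
		"allownotices" => $mybb->input['allownotices'],
		"hideemail" => $mybb->input['hideemail'],
		"subscriptionmethod" => $mybb->input['subscriptionmethod'],
		"receivepms" => $mybb->input['receivepms'],
		"pmnotice" => $mybb->input['pmnotice'],
		"emailpmnotify" => $mybb->input['emailpmnotify'],
		"invisible" => $mybb->input['invisible'],
		"dstcorrection" => $mybb->input['dstcorrection']
	);

	$userhandler->set_data($user);

	// $errors stays a string while nothing has failed; is_array($errors) below
	// is what decides between re-showing the form and creating the account.
	$errors = "";

	if(!$userhandler->validate_user())
	{
		$errors = $userhandler->get_friendly_errors();
	}

	if($mybb->settings['captchaimage'])
	{
		require_once MYBB_ROOT.'inc/class_captcha.php';
		$captcha = new captcha;

		if($captcha->validate_captcha() == false)
		{
			// CAPTCHA validation failed
			// Make sure $errors is an array before appending: "[]" on a string
			// is a fatal error on newer PHP versions, and a failed CAPTCHA must
			// never fall through to insert_user().
			if(!is_array($errors))
			{
				$errors = array();
			}
			foreach($captcha->get_errors() as $error)
			{
				$errors[] = $error;
			}
		}
	}

	if(is_array($errors))
	{
		// Re-populate the form; values are HTML-escaped before they reach the template.
		$username = htmlspecialchars_uni($mybb->input['username']);
		$email = htmlspecialchars_uni($mybb->input['email']);
		// Was read from input['email'], which silently replaced the confirmation
		// field with the first address.
		$email2 = htmlspecialchars_uni($mybb->input['email2']);
		$referrername = htmlspecialchars_uni($mybb->input['referrername']);

		if($mybb->input['allownotices'] == 1)
		{
			$allownoticescheck = "checked=\"checked\"";
		}

		if($mybb->input['hideemail'] == 1)
		{
			$hideemailcheck = "checked=\"checked\"";
		}

		if($mybb->input['subscriptionmethod'] == 1)
		{
			$no_email_subscribe_selected = "selected=\"selected\"";
		}
		else if($mybb->input['subscriptionmethod'] == 2)
		{
			$instant_email_subscribe_selected = "selected=\"selected\"";
		}
		else
		{
			$no_subscribe_selected = "selected=\"selected\"";
		}

		if($mybb->input['receivepms'] == 1)
		{
			$receivepmscheck = "checked=\"checked\"";
		}

		if($mybb->input['pmnotice'] == 1)
		{
			$pmnoticecheck = " checked=\"checked\"";
		}

		if($mybb->input['emailpmnotify'] == 1)
		{
			$emailpmnotifycheck = "checked=\"checked\"";
		}

		if($mybb->input['invisible'] == 1)
		{
			$invisiblecheck = "checked=\"checked\"";
		}

		if($mybb->input['dstcorrection'] == 2)
		{
			$dst_auto_selected = "selected=\"selected\"";
		}
		else if($mybb->input['dstcorrection'] == 1)
		{
			$dst_enabled_selected = "selected=\"selected\"";
		}
		else
		{
			$dst_disabled_selected = "selected=\"selected\"";
		}

		$regerrors = inline_error($errors);
		// Fall through to the "register" action further down to redraw the form.
		$mybb->input['action'] = "register";
		$fromreg = 1;
	}
	else
	{
		$user_info = $userhandler->insert_user();

		if($mybb->settings['regtype'] != "randompass" && !$mybb->cookies['coppauser'])
		{
			// Log them in
			// NOTE(review): the fourth argument presumably requests an HttpOnly
			// cookie - confirm in my_setcookie().
			my_setcookie("mybbuser", $user_info['uid']."_".$user_info['loginkey'], null, true);
		}

		if($mybb->cookies['coppauser'])
		{
			$lang->redirect_registered_coppa_activate = $lang->sprintf($lang->redirect_registered_coppa_activate, $mybb->settings['bbname'], $user_info['username']);
			my_unsetcookie("coppauser");
			my_unsetcookie("coppadob");
			$plugins->run_hooks("member_do_register_end");
			error($lang->redirect_registered_coppa_activate);
		}
		else if($mybb->settings['regtype'] == "verify")
		{
			// The activation code is the only secret proving ownership of the
			// mailbox; its unpredictability rests on random_str().
			$activationcode = random_str();
			$now = TIME_NOW;
			$activationarray = array(
				"uid" => $user_info['uid'],
				"dateline" => TIME_NOW,
				"code" => $activationcode,
				"type" => "r"
			);
			$db->insert_query("awaitingactivation", $activationarray);
			$emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
			$emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
			my_mail($user_info['email'], $emailsubject, $emailmessage);

			$lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], $user_info['username']);

			$plugins->run_hooks("member_do_register_end");

			error($lang->redirect_registered_activation);
		}
		else if($mybb->settings['regtype'] == "randompass")
		{
			// The generated password is sent in clear text by e-mail; it stays
			// valid until the user changes it.
			$emailsubject = $lang->sprintf($lang->emailsubject_randompassword, $mybb->settings['bbname']);
			$emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $user_info['password']);
			my_mail($user_info['email'], $emailsubject, $emailmessage);

			$plugins->run_hooks("member_do_register_end");

			error($lang->redirect_registered_passwordsent);
		}
		else if($mybb->settings['regtype'] == "admin")
		{
			$lang->redirect_registered_admin_activate = $lang->sprintf($lang->redirect_registered_admin_activate, $mybb->settings['bbname'], $user_info['username']);

			$plugins->run_hooks("member_do_register_end");

			error($lang->redirect_registered_admin_activate);
		}
		else
		{
			$lang->redirect_registered = $lang->sprintf($lang->redirect_registered, $mybb->settings['bbname'], $user_info['username']);

			$plugins->run_hooks("member_do_register_end");

			redirect("index.php", $lang->redirect_registered);
		}
	}
}

if($mybb->input['action'] == "coppa_form")
{
	if(!$mybb->settings['faxno'])
	{
		// NOTE(review): shown as a plain space in this listing; the upstream
		// file may hold an HTML entity here - confirm.
		$mybb->settings['faxno'] = " ";
	}

	// Templates are rendered by eval()-ing the stored template text as a
	// double-quoted PHP string, so every variable in scope can be interpolated.
	// NOTE(review): this is only safe while template content is restricted to
	// trusted administrators and $templates->get() escapes it - confirm.
	eval("\$coppa_form = \"".$templates->get("member_coppa_form")."\";");
	output_page($coppa_form);
}

if($mybb->input['action'] == "register")
{
	$bdaysel = '';
	if($mybb->settings['coppa'] == "disabled")
	{
		$bdaysel = $bday2blank = "<option value=\"\"> </option>";
	}
	for($i = 1; $i <= 31; ++$i)
	{
		if($mybb->input['bday1'] == $i)
		{
			$bdaysel .= "<option value=\"$i\" selected=\"selected\">$i</option>\n";
		}
		else
		{
			$bdaysel .= "<option value=\"$i\">$i</option>\n";
		}
	}

	$bdaymonthsel[$mybb->input['bday2']] = "selected=\"selected\"";
	$mybb->input['bday3'] = intval($mybb->input['bday3']);

	if($mybb->input['bday3'] == 0) $mybb->input['bday3'] = "";

	// Is COPPA checking enabled?
	if($mybb->settings['coppa'] != "disabled" && !$mybb->input['step'])
	{
		// Just selected DOB, we check
		if($mybb->input['bday1'] && $mybb->input['bday2'] && $mybb->input['bday3'])
		{
			my_unsetcookie("coppauser");

			$bdaytime = @mktime(0, 0, 0, $mybb->input['bday2'], $mybb->input['bday1'], $mybb->input['bday3']);

			// Store DOB in cookie so we can save it with the registration
			// NOTE(review): bday1/bday2 are written to the cookie unvalidated
			// (only bday3 is cast to int above) and the age decision itself is
			// remembered client-side, so it is advisory rather than enforced.
			my_setcookie("coppadob", "{$mybb->input['bday1']}-{$mybb->input['bday2']}-{$mybb->input['bday3']}", -1);

			// User is <= 13, we mark as a coppa user
			if($bdaytime >= mktime(0, 0, 0, my_date('n'), my_date('d'), my_date('Y')-13))
			{
				my_setcookie("coppauser", 1, -0);
				$under_thirteen = true;
			}
			$mybb->request_method = "";
		}
		// Show DOB select form
		else
		{
			$plugins->run_hooks("member_register_coppa");

			my_unsetcookie("coppauser");

			eval("\$coppa = \"".$templates->get("member_register_coppa")."\";");
			output_page($coppa);
			exit;
		}
	}

	if((!isset($mybb->input['agree']) && !isset($mybb->input['regsubmit'])) || $mybb->request_method != "post")
	{
		// Is this user a COPPA user? We need to show the COPPA agreement too
		if($mybb->settings['coppa'] != "disabled" && ($mybb->cookies['coppauser'] == 1 || $under_thirteen))
		{
			if($mybb->settings['coppa'] == "deny")
			{
				error($lang->error_need_to_be_thirteen);
			}
			$lang->coppa_agreement_1 = $lang->sprintf($lang->coppa_agreement_1, $mybb->settings['bbname']);
			eval("\$coppa_agreement = \"".$templates->get("member_register_agreement_coppa")."\";");
		}

		$plugins->run_hooks("member_register_agreement");

		eval("\$agreement = \"".$templates->get("member_register_agreement")."\";");
		output_page($agreement);
	}
	else
	{
		$plugins->run_hooks("member_register_start");

		// JavaScript validator registrations accumulated for the form template.
		// These checks are a convenience only; the server-side checks in
		// do_register are the ones that count.
		$validator_extra = '';

		if(isset($mybb->input['timezoneoffset']))
		{
			$timezoneoffset = $mybb->input['timezoneoffset'];
		}
		else
		{
			$timezoneoffset = $mybb->settings['timezoneoffset'];
		}
		$tzselect = build_timezone_select("timezoneoffset", $timezoneoffset, true);

		$stylelist = build_theme_select("style");

		if($mybb->settings['usertppoptions'])
		{
			$tppoptions = '';
			$explodedtpp = explode(",", $mybb->settings['usertppoptions']);
			if(is_array($explodedtpp))
			{
				foreach($explodedtpp as $val)
				{
					$val = trim($val);
					$tppoptions .= "<option value=\"$val\">".$lang->sprintf($lang->tpp_option, $val)."</option>\n";
				}
			}
			eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";");
		}
		if($mybb->settings['userpppoptions'])
		{
			$pppoptions = '';
			$explodedppp = explode(",", $mybb->settings['userpppoptions']);
			if(is_array($explodedppp))
			{
				foreach($explodedppp as $val)
				{
					$val = trim($val);
					$pppoptions .= "<option value=\"$val\">".$lang->sprintf($lang->ppp_option, $val)."</option>\n";
				}
			}
			eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
		}
		if($mybb->settings['usereferrals'] == 1 && !$mybb->user['uid'])
		{
			// NOTE(review): in the first two branches $referrername is taken
			// from the users table without HTML escaping before it is handed to
			// the template - confirm the template or an earlier step escapes it.
			if($mybb->cookies['mybb']['referrer'])
			{
				$query = $db->simple_select("users", "uid,username", "uid='".$db->escape_string($mybb->cookies['mybb']['referrer'])."'");
				$ref = $db->fetch_array($query);
				$referrername = $ref['username'];
			}
			elseif($referrer)
			{
				$query = $db->simple_select("users", "username", "uid='".intval($referrer['uid'])."'");
				$ref = $db->fetch_array($query);
				$referrername = $ref['username'];
			}
			elseif($referrername)
			{
				$query = $db->simple_select("users", "uid", "LOWER(username)='".$db->escape_string(my_strtolower($referrername))."'");
				$ref = $db->fetch_array($query);
				if(!$ref['uid'])
				{
					$errors[] = $lang->error_badreferrer;
				}
			}
			if($quickreg)
			{
				$refbg = "trow1";
			}
			else
			{
				$refbg = "trow2";
			}
			// JS validator extra
			$validator_extra .= "\tregValidator.register('referrer', 'ajax', {url:'xmlhttp.php?action=username_exists', loading_message:'{$lang->js_validator_checking_referrer}'});\n";

			eval("\$referrer = \"".$templates->get("member_register_referrer")."\";");
		}
		else
		{
			$referrer = '';
		}
		// Custom profile fields baby!
		$altbg = "trow1";
		$query = $db->simple_select("profilefields", "*", "required=1", array('order_by' => 'disporder'));
		while($profilefield = $db->fetch_array($query))
		{
			// The type column holds the field type on its first line and the
			// option list after it; escaping it here means every option value
			// written into the markup below is already HTML-escaped.
			$profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
			$thing = explode("\n", $profilefield['type'], "2");
			$type = trim($thing[0]);
			$options = $thing[1];
			$select = '';
			$field = "fid{$profilefield['fid']}";
			if($errors)
			{
				$userfield = $mybb->input['profile_fields'][$field];
			}
			else
			{
				$userfield = '';
			}
			if($type == "multiselect")
			{
				if($errors)
				{
					$useropts = $userfield;
				}
				else
				{
					$useropts = explode("\n", $userfield);
				}
				if(is_array($useropts))
				{
					foreach($useropts as $key => $val)
					{
						$seloptions[$val] = $val;
					}
				}
				$expoptions = explode("\n", $options);
				if(is_array($expoptions))
				{
					foreach($expoptions as $key => $val)
					{
						$val = trim($val);
						$val = str_replace("\n", "\\n", $val);

						$sel = "";
						if($val == $seloptions[$val])
						{
							$sel = "selected=\"selected\"";
						}
						$select .= "<option value=\"$val\" $sel>$val</option>\n";
					}
					if(!$profilefield['length'])
					{
						$profilefield['length'] = 3;
					}
					$code = "<select name=\"profile_fields[$field][]\" id=\"{$field}\" size=\"{$profilefield['length']}\" multiple=\"multiple\">$select</select>";
				}
			}
			elseif($type == "select")
			{
				$expoptions = explode("\n", $options);
				if(is_array($expoptions))
				{
					foreach($expoptions as $key => $val)
					{
						$val = trim($val);
						$val = str_replace("\n", "\\n", $val);
						$sel = "";
						if($val == $userfield)
						{
							$sel = "selected=\"selected\"";
						}
						$select .= "<option value=\"$val\" $sel>$val</option>";
					}
					if(!$profilefield['length'])
					{
						$profilefield['length'] = 1;
					}
					$code = "<select name=\"profile_fields[$field]\" id=\"{$field}\" size=\"{$profilefield['length']}\">$select</select>";
				}
			}
			elseif($type == "radio")
			{
				$expoptions = explode("\n", $options);
				if(is_array($expoptions))
				{
					foreach($expoptions as $key => $val)
					{
						$checked = "";
						if($val == $userfield)
						{
							$checked = "checked=\"checked\"";
						}
						$code .= "<input type=\"radio\" class=\"radio\" name=\"profile_fields[$field]\" id=\"{$field}{$key}\" value=\"$val\" $checked /> <span class=\"smalltext\">$val</span><br />";
					}
				}
			}
			elseif($type == "checkbox")
			{
				if($errors)
				{
					$useropts = $userfield;
				}
				else
				{
					$useropts = explode("\n", $userfield);
				}
				if(is_array($useropts))
				{
					foreach($useropts as $key => $val)
					{
						$seloptions[$val] = $val;
					}
				}
				$expoptions = explode("\n", $options);
				if(is_array($expoptions))
				{
					foreach($expoptions as $key => $val)
					{
						$checked = "";
						if($val == $seloptions[$val])
						{
							$checked = "checked=\"checked\"";
						}
						$code .= "<input type=\"checkbox\" class=\"checkbox\" name=\"profile_fields[$field][]\" id=\"{$field}{$key}\" value=\"$val\" $checked /> <span class=\"smalltext\">$val</span><br />";
					}
				}
			}
			elseif($type == "textarea")
			{
				// Free-text values come straight from the request, so they are
				// escaped before being echoed back into the form.
				$value = htmlspecialchars_uni($userfield);
				$code = "<textarea name=\"profile_fields[$field]\" id=\"{$field}\" rows=\"6\" cols=\"30\" style=\"width: 95%\">$value</textarea>";
			}
			else
			{
				$value = htmlspecialchars_uni($userfield);
				$maxlength = "";
				if($profilefield['maxlength'] > 0)
				{
					$maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
				}
				$code = "<input type=\"text\" name=\"profile_fields[$field]\" id=\"{$field}\" class=\"textbox\" size=\"{$profilefield['length']}\"{$maxlength} value=\"$value\" />";
			}
			if($profilefield['required'] == 1)
			{
				// JS validator extra
				if($type == "checkbox" || $type == "radio")
				{
					$id = "{$field}0";
				}
				else
				{
					$id = "fid{$profilefield['fid']}";
				}
				$validator_extra .= "\tregValidator.register('{$id}', 'notEmpty', {failure_message:'{$lang->js_validator_not_empty}'});\n";

				eval("\$requiredfields .= \"".$templates->get("member_register_customfield")."\";");
			}
			// Reset the per-field scratch variables so nothing leaks into the next field.
			$code = '';
			$select = '';
			$val = '';
			$options = '';
			$expoptions = '';
			$useropts = '';
			$seloptions = '';
		}
		if($requiredfields)
		{
			eval("\$requiredfields = \"".$templates->get("member_register_requiredfields")."\";");
		}
		if(!$fromreg)
		{
			// First display of the form (not a redraw after a failed submit): use the defaults.
			$allownoticescheck = "checked=\"checked\"";
			$hideemailcheck = '';
			$emailnotifycheck = '';
			$receivepmscheck = "checked=\"checked\"";
			$pmnoticecheck = " checked=\"checked\"";
			$emailpmnotifycheck = '';
			$invisiblecheck = '';
			if($mybb->settings['dstcorrection'] == 1)
			{
				$enabledstcheck = "checked=\"checked\"";
			}

		}
		// Spambot registration image thingy
		if($mybb->settings['captchaimage'])
		{
			require_once MYBB_ROOT.'inc/class_captcha.php';
			$captcha = new captcha(true, "member_register_regimage");

			if($captcha->html)
			{
				$regimage = $captcha->html;

				if($mybb->settings['captchaimage'] == 1)
				{
					// JS validator extra for our default CAPTCHA
					$validator_extra .= "\tregValidator.register('imagestring', 'ajax', { url: 'xmlhttp.php?action=validate_captcha', extra_body: 'imagehash', loading_message: '{$lang->js_validator_captcha_valid}', failure_message: '{$lang->js_validator_no_image_text}'} );\n";
				}
			}
		}
		// Hidden CAPTCHA for Spambots
		if($mybb->settings['hiddencaptchaimage'])
		{
			$captcha_field = $mybb->settings['hiddencaptchaimagefield'];

			eval("\$hiddencaptcha = \"".$templates->get("member_register_hiddencaptcha")."\";");
		}
		if($mybb->settings['regtype'] != "randompass")
		{
			// JS validator extra
			$lang->js_validator_password_length = $lang->sprintf($lang->js_validator_password_length, $mybb->settings['minpasswordlength']);
			$validator_extra .= "\tregValidator.register('password', 'length', {match_field:'password2', min: {$mybb->settings['minpasswordlength']}, failure_message:'{$lang->js_validator_password_length}'});\n";

			// See if the board has "require complex passwords" enabled.
			if($mybb->settings['requirecomplexpasswords'] == 1)
			{
				$lang->password = $lang->complex_password = $lang->sprintf($lang->complex_password, $mybb->settings['minpasswordlength']);
				$validator_extra .= "\tregValidator.register('password', 'ajax', {url:'xmlhttp.php?action=complex_password', loading_message:'{$lang->js_validator_password_complexity}'});\n";
			}
			$validator_extra .= "\tregValidator.register('password2', 'matches', {match_field:'password', status_field:'password_status', failure_message:'{$lang->js_validator_password_matches}'});\n";

			eval("\$passboxes = \"".$templates->get("member_register_password")."\";");
		}

		// JS validator extra
		if($mybb->settings['maxnamelength'] > 0 && $mybb->settings['minnamelength'] > 0)
		{
			$lang->js_validator_username_length = $lang->sprintf($lang->js_validator_username_length, $mybb->settings['minnamelength'], $mybb->settings['maxnamelength']);
			$validator_extra .= "\tregValidator.register('username', 'length', {min: {$mybb->settings['minnamelength']}, max: {$mybb->settings['maxnamelength']}, failure_message:'{$lang->js_validator_username_length}'});\n";
		}

		$languages = $lang->get_languages();
		$langoptions = '';
		foreach($languages as $lname => $language)
		{
			$language = htmlspecialchars_uni($language);
			if($user['language'] == $lname)
			{
				$langoptions .= "<option value=\"$lname\" selected=\"selected\">$language</option>\n";
			}
			else
			{
				$langoptions .= "<option value=\"$lname\">$language</option>\n";
			}
		}

		$plugins->run_hooks("member_register_end");

		eval("\$registration = \"".$templates->get("member_register")."\";");
		output_page($registration);
	}
}

if($mybb->input['action'] == "activate")
{
	$plugins->run_hooks("member_activate_start");

	// The account is looked up by username when one is supplied, otherwise by uid.
	if($mybb->input['username'])
	{
		$query = $db->simple_select("users", "*", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['username']))."'", array('limit' => 1));
		$user = $db->fetch_array($query);
		if(!$user['username'])
		{
			error($lang->error_invalidpworusername);
		}
		$uid = $user['uid'];
	}
	else
	{
		$query = $db->simple_select("users", "*", "uid='".intval($mybb->input['uid'])."'");
		$user = $db->fetch_array($query);
	}
	if($mybb->input['code'] && $user['uid'])
	{
		$mybb->settings['awaitingusergroup'] = "5";
		$query = $db->simple_select("awaitingactivation", "*", "uid='".$user['uid']."' AND (type='r' OR type='e')");
		$activation = $db->fetch_array($query);
		if(!$activation['uid'])
		{
			error($lang->error_alreadyactivated);
		}
		// Strict string comparison: a loose "!=" lets PHP compare numeric-looking
		// strings by value, so a code that merely looks numerically equal could
		// be accepted. A non-string (array) input also fails this test.
		// NOTE(review): no attempt limit or code expiry is visible here; the
		// stored dateline is not consulted - confirm whether codes age out elsewhere.
		if((string)$activation['code'] !== $mybb->input['code'])
		{
			error($lang->error_badactivationcode);
		}
		// The code is single-use: remove it before applying the change.
		$db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND (type='r' OR type='e')");
		if($user['usergroup'] == 5 && $activation['type'] != "e")
		{
			$db->update_query("users", array("usergroup" => 2), "uid='".$user['uid']."'");
		}
		if($activation['type'] == "e")
		{
			$newemail = array(
				"email" => $db->escape_string($activation['misc']),
			);
			$db->update_query("users", $newemail, "uid='".$user['uid']."'");
			$plugins->run_hooks("member_activate_emailupdated");

			redirect("usercp.php", $lang->redirect_emailupdated);
		}
		else
		{
			$plugins->run_hooks("member_activate_accountactivated");

			redirect("index.php", $lang->redirect_accountactivated);
		}
	}
	else
	{
		$plugins->run_hooks("member_activate_form");

		eval("\$activate = \"".$templates->get("member_activate")."\";");
		output_page($activate);
	}
}

if($mybb->input['action'] == "resendactivation")
{
	$plugins->run_hooks("member_resendactivation");

	if($mybb->settings['regtype'] == "admin")
	{
		error($lang->error_activated_by_admin);
	}
	if($mybb->user['uid'] && $mybb->user['usergroup'] != 5)
	{
		error($lang->error_alreadyactivated);
	}

	eval("\$activate = \"".$templates->get("member_resendactivation")."\";");
	output_page($activate);
}

if($mybb->input['action'] == "do_resendactivation" && $mybb->request_method == "post")
{
	$plugins->run_hooks("member_do_resendactivation_start");

	if($mybb->settings['regtype'] == "admin")
	{
		error($lang->error_activated_by_admin);
	}

	$query = $db->query("
		SELECT u.uid, u.username, u.usergroup, u.email, a.code
		FROM ".TABLE_PREFIX."users u
		LEFT JOIN ".TABLE_PREFIX."awaitingactivation a ON (a.uid=u.uid AND a.type='r')
		WHERE u.email='".$db->escape_string($mybb->input['email'])."'
	");
	$numusers = $db->num_rows($query);
	// NOTE(review): answering differently for unknown addresses tells an
	// unauthenticated caller which e-mail addresses have accounts, and no rate
	// limit on the mail sent below is visible in this file.
	if($numusers < 1)
	{
		error($lang->error_invalidemail);
	}
	else
	{
		while($user = $db->fetch_array($query))
		{
			if($user['usergroup'] == 5)
			{
				// Reuse the pending code when one exists, otherwise issue a new one.
				if(!$user['code'])
				{
					$user['code'] = random_str();
					$now = TIME_NOW;
					$uid = $user['uid'];
					$awaitingarray = array(
						"uid" => $uid,
						"dateline" => TIME_NOW,
						"code" => $user['code'],
						"type" => "r"
					);
					$db->insert_query("awaitingactivation", $awaitingarray);
				}
				$username = $user['username'];
				$email = $user['email'];
				$activationcode = $user['code'];
				$emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
				$emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
				my_mail($email, $emailsubject, $emailmessage);
			}
		}
		$plugins->run_hooks("member_do_resendactivation_end");

		redirect("index.php", $lang->redirect_activationresent);
	}
}

if($mybb->input['action'] == "lostpw")
{
	$plugins->run_hooks("member_lostpw");

	eval("\$lostpw = \"".$templates->get("member_lostpw")."\";");
	output_page($lostpw);
}

if($mybb->input['action'] == "do_lostpw" && $mybb->request_method == "post")
{
	$plugins->run_hooks("member_do_lostpw_start");

	// (A stray escape_string() call on the not-yet-assigned $email was dropped
	// here; the query below escapes the request value itself.)
	$query = $db->simple_select("users", "*", "email='".$db->escape_string($mybb->input['email'])."'");
	$numusers = $db->num_rows($query);
	// NOTE(review): as in do_resendactivation, the distinct error for unknown
	// addresses allows account enumeration, and nothing visible here limits how
	// often reset mail can be requested for an address.
	if($numusers < 1)
	{
		error($lang->error_invalidemail);
	}
	else
	{
		while($user = $db->fetch_array($query))
		{
			// Replace any earlier reset code so only the newest one is valid.
			$db->delete_query("awaitingactivation", "uid='{$user['uid']}' AND type='p'");
			$user['activationcode'] = random_str();
			$now = TIME_NOW;
			$uid = $user['uid'];
			$awaitingarray = array(
				"uid" => $user['uid'],
				"dateline" => TIME_NOW,
				"code" => $user['activationcode'],
				"type" => "p"
			);
			$db->insert_query("awaitingactivation", $awaitingarray);
			$username = $user['username'];
			$email = $user['email'];
			$activationcode = $user['activationcode'];
			$emailsubject = $lang->sprintf($lang->emailsubject_lostpw, $mybb->settings['bbname']);
			$emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
			my_mail($email, $emailsubject, $emailmessage);
		}
	}
	$plugins->run_hooks("member_do_lostpw_end");

	redirect("index.php", $lang->redirect_lostpwsent);
}

if($mybb->input['action'] == "resetpassword")
{
	$plugins->run_hooks("member_resetpassword_start");

	if($mybb->input['username'])
	{
		$query = $db->simple_select("users", "*", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['username']))."'");
		$user = $db->fetch_array($query);
		if(!$user['uid'])
		{
			error($lang->error_invalidpworusername);
		}
	}
	else
	{
		$query = $db->simple_select("users", "*", "uid='".intval($mybb->input['uid'])."'");
		$user = $db->fetch_array($query);
	}
	if($mybb->input['code'] && $user['uid'])
	{
		$query = $db->simple_select("awaitingactivation", "*", "uid='".$user['uid']."' AND type='p'");
		$activation = $db->fetch_array($query);
		$now = TIME_NOW;
		// Strict string comparison, for the same reason as in "activate". When
		// no reset is pending the stored side is an empty string, which can
		// never equal the non-empty submitted code, so the request is refused.
		// NOTE(review): no attempt limit or expiry check on the reset code is
		// visible here - confirm whether one exists elsewhere.
		if((string)$activation['code'] !== $mybb->input['code'])
		{
			error($lang->error_badlostpwcode);
		}
		$db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND type='p'");
		$username = $user['username'];

		// Generate a new password, then update it
		$password_length = intval($mybb->settings['minpasswordlength']);

		if($password_length < 8)
		{
			$password_length = 8;
		}

		$password = random_str($password_length);
		// NOTE(review): the stored credential is derived from an MD5 digest plus
		// the user's salt inside update_password() (defined elsewhere). MD5 is a
		// fast hash and a weak basis for password storage; changing it has to
		// happen in that helper together with the login check.
		$logindetails = update_password($user['uid'], md5($password), $user['salt']);

		$email = $user['email'];

		$plugins->run_hooks("member_resetpassword_process");

		// The new password travels in clear text by e-mail and stays valid
		// until the user changes it.
		$emailsubject = $lang->sprintf($lang->emailsubject_passwordreset, $mybb->settings['bbname']);
		$emailmessage = $lang->sprintf($lang->email_passwordreset, $username, $mybb->settings['bbname'], $password);
		my_mail($email, $emailsubject, $emailmessage);

		$plugins->run_hooks("member_resetpassword_reset");

		error($lang->redirect_passwordreset);
	}
	else
	{
		$plugins->run_hooks("member_resetpassword_form");

		eval("\$activate = \"".$templates->get("member_resetpassword")."\";");
		output_page($activate);
	}
}

$do_captcha = $correct = false;
$inline_errors = "";
if($mybb->input['action'] == "do_login" && $mybb->request_method == "post")
{
	$plugins->run_hooks("member_do_login_start");

	// Checks to make sure the user can login; they haven't had too many tries at logging in.
	// Is a fatal call if user has had too many tries
	$logins = login_attempt_check();
	$login_text = '';

	// Did we come from the quick login form
	if($mybb->input['quick_login'] == "1" && $mybb->input['quick_password'] && $mybb->input['quick_username'])
	{
		$mybb->input['password'] = $mybb->input['quick_password'];
		$mybb->input['username'] = $mybb->input['quick_username'];
		$mybb->input['remember'] = $mybb->input['quick_remember'];
	}

	// NOTE(review): the loginattempts cookie is client-controlled and can simply
	// be discarded, so it cannot be the throttle of record. For unknown
	// usernames it is the only counter touched; the per-account database
	// counter further down is the one a client cannot reset.
	if(!username_exists($mybb->input['username']))
	{
		my_setcookie('loginattempts', $logins + 1);
		error($lang->error_invalidpworusername.$login_text);
	}

	$query = $db->simple_select("users", "loginattempts", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['username']))."'", array('limit' => 1));
	$loginattempts = $db->fetch_field($query, "loginattempts");

	$errors = array();

	$user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
	if(!$user['uid'])
	{
		my_setcookie('loginattempts', $logins + 1);
		$db->update_query("users", array('loginattempts' => 'loginattempts+1'), "LOWER(username) = '".$db->escape_string(my_strtolower($mybb->input['username']))."'", 1, true);

		$mybb->input['action'] = "login";
		$mybb->input['request_method'] = "get";

		if($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1)
		{
			$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
		}

		$errors[] = $lang->error_invalidpworusername.$login_text;
	}
	else
	{
		$correct = true;
	}

	if($mybb->settings['failedcaptchalogincount'] > 0 && ($loginattempts > $mybb->settings['failedcaptchalogincount'] || intval($mybb->cookies['loginattempts']) > $mybb->settings['failedcaptchalogincount']))
	{
		// Show captcha image if enabled
		if($mybb->settings['captchaimage'] == 1 && function_exists("imagepng"))
		{
			// Check their current captcha input - if correct, hide the captcha input area
			// A solved CAPTCHA also sets $correct, but a wrong password has
			// already put an entry in $errors, which is tested first below.
			// NOTE(review): a correctly answered CAPTCHA row is not deleted
			// here, so the same imagehash/imagestring pair may remain usable -
			// confirm where it is expired.
			if($mybb->input['imagestring'])
			{
				$imagehash = $db->escape_string($mybb->input['imagehash']);
				$imagestring = $db->escape_string($mybb->input['imagestring']);
				$query = $db->simple_select("captcha", "*", "imagehash='{$imagehash}' AND imagestring='{$imagestring}'");
				$imgcheck = $db->fetch_array($query);
				if($imgcheck['dateline'] > 0)
				{
					$correct = true;
				}
				else
				{
					$db->delete_query("captcha", "imagehash='{$imagehash}'");
					$errors[] = $lang->error_regimageinvalid;
				}
			}
			else if($mybb->input['quick_login'] == 1 && $mybb->input['quick_password'] && $mybb->input['quick_username'])
			{
				$errors[] = $lang->error_regimagerequired;
			}
			else
			{
				$errors[] = $lang->error_regimagerequired;
			}
		}

		$do_captcha = true;
	}

	if(!empty($errors))
	{
		$mybb->input['action'] = "login";
		$mybb->input['request_method'] = "get";

		$inline_errors = inline_error($errors);
	}
	else if($correct)
	{
		if($user['coppauser'])
		{
			error($lang->error_awaitingcoppa);
		}

		my_setcookie('loginattempts', 1);
		// The session id is escaped like every other value placed in these
		// WHERE clauses, instead of relying on it having been validated upstream.
		// NOTE(review): the pre-login session id is kept and merely bound to the
		// user; issuing a fresh id at login would defend against session
		// fixation - confirm whether the session class already does this.
		$db->delete_query("sessions", "ip='".$db->escape_string($session->ipaddress)."' AND sid != '".$db->escape_string($session->sid)."'");
		$newsession = array(
			"uid" => $user['uid'],
		);
		$db->update_query("sessions", $newsession, "sid='".$db->escape_string($session->sid)."'");

		$db->update_query("users", array("loginattempts" => 1), "uid='{$user['uid']}'");

		if($mybb->input['remember'] != "yes")
		{
			$remember = -1;
		}
		else
		{
			$remember = null;
		}
		my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], $remember, true);
		my_setcookie("sid", $session->sid, -1, true);

		$plugins->run_hooks("member_do_login_end");

		// NOTE(review): the only visible restriction on the client-supplied url
		// is that its basename does not contain member.php; no same-site check
		// appears here. Unless redirect() validates its target, a freshly
		// authenticated user can be sent to an arbitrary site - confirm, and
		// restrict the target to board-relative URLs.
		if($mybb->input['url'] != "" && my_strpos(basename($mybb->input['url']), 'member.php') === false)
		{
			if((my_strpos(basename($mybb->input['url']), 'newthread.php') !== false || my_strpos(basename($mybb->input['url']), 'newreply.php') !== false) && my_strpos($mybb->input['url'], '&processed=1') !== false)
			{
				$mybb->input['url'] = str_replace('&processed=1', '', $mybb->input['url']);
			}

			// NOTE(review): as shown this replacement is a no-op; the search
			// string was presumably an HTML entity that this listing decoded -
			// confirm against the upstream file.
			$mybb->input['url'] = str_replace('&', '&', $mybb->input['url']);

			// Redirect to the URL if it is not member.php
			redirect(htmlentities($mybb->input['url']), $lang->redirect_loggedin);
		}
		else
		{
			redirect("index.php", $lang->redirect_loggedin);
		}
	}
	else
	{
		$mybb->input['action'] = "login";
		$mybb->input['request_method'] = "get";
	}

	$plugins->run_hooks("member_do_login_end");
}

if($mybb->input['action'] == "login")
{
	$plugins->run_hooks("member_login");

	$member_loggedin_notice = "";
	if($mybb->user['uid'] != 0)
	{
		$lang->already_logged_in = $lang->sprintf($lang->already_logged_in, build_profile_link($mybb->user['username'], $mybb->user['uid']));
		eval("\$member_loggedin_notice = \"".$templates->get("member_loggedin_notice")."\";");
	}

	// Checks to make sure the user can login; they haven't had too many tries at logging in.
	// Is a fatal call if user has had too many tries
	login_attempt_check();

	// Redirect to the page where the user came from, but not if that was the login page.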
1152 if($_SERVER['HTTP_REFERER'] && strpos($_SERVER['HTTP_REFERER'], "action=login") === false) 1153 { 1154 $redirect_url = htmlentities($_SERVER['HTTP_REFERER']); 1155 } 1156 else 1157 { 1158 $redirect_url = ''; 1159 } 1160 1161 $captcha = ""; 1162 // Show captcha image for guests if enabled 1163 if($mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && $do_captcha == true) 1164 { 1165 $randomstr = random_str(5); 1166 $imagehash = md5(random_str(12)); 1167 $imagearray = array( 1168 "imagehash" => $imagehash, 1169 "imagestring" => $randomstr, 1170 "dateline" => TIME_NOW 1171 ); 1172 $db->insert_query("captcha", $imagearray); 1173 eval("\$captcha = \"".$templates->get("post_captcha")."\";"); 1174 } 1175 1176 $username = ""; 1177 $password = ""; 1178 if($mybb->input['username'] && $mybb->request_method == "post") 1179 { 1180 $username = htmlspecialchars_uni($mybb->input['username']); 1181 } 1182 1183 if($mybb->input['password'] && $mybb->request_method == "post") 1184 { 1185 $password = htmlspecialchars_uni($mybb->input['password']); 1186 } 1187 1188 eval("\$login = \"".$templates->get("member_login")."\";"); 1189 output_page($login); 1190 } 1191 1192 if($mybb->input['action'] == "logout") 1193 { 1194 $plugins->run_hooks("member_logout_start"); 1195 1196 if(!$mybb->user['uid']) 1197 { 1198 redirect("index.php", $lang->redirect_alreadyloggedout); 1199 } 1200 1201 // Check session ID if we have one 1202 if($mybb->input['sid'] && $mybb->input['sid'] != $session->sid) 1203 { 1204 error($lang->error_notloggedout); 1205 } 1206 // Otherwise, check logoutkey 1207 else if(!$mybb->input['sid'] && $mybb->input['logoutkey'] != $mybb->user['logoutkey']) 1208 { 1209 error($lang->error_notloggedout); 1210 } 1211 1212 my_unsetcookie("mybbuser"); 1213 my_unsetcookie("sid"); 1214 if($mybb->user['uid']) 1215 { 1216 $time = TIME_NOW; 1217 $lastvisit = array( 1218 "lastactive" => $time-900, 1219 "lastvisit" => $time, 1220 ); 1221 $db->update_query("users", $lastvisit, 
"uid='".$mybb->user['uid']."'"); 1222 $db->delete_query("sessions", "sid='".$session->sid."'"); 1223 } 1224 $plugins->run_hooks("member_logout_end"); 1225 redirect("index.php", $lang->redirect_loggedout); 1226 } 1227 1228 if($mybb->input['action'] == "profile") 1229 { 1230 $plugins->run_hooks("member_profile_start"); 1231 1232 if($mybb->usergroup['canviewprofiles'] == 0) 1233 { 1234 error_no_permission(); 1235 } 1236 if($mybb->input['uid'] == "lastposter") 1237 { 1238 if($mybb->input['tid']) 1239 { 1240 $query = $db->simple_select("posts", "uid", "tid='".intval($mybb->input['tid'])."' AND visible = 1", array('order_by' => 'dateline', 'order_dir' => 'DESC', 'limit' => '1')); 1241 $post = $db->fetch_array($query); 1242 $uid = $post['uid']; 1243 } 1244 elseif($mybb->input['fid']) 1245 { 1246 $flist = ''; 1247 switch($db->type) 1248 { 1249 case "pgsql": 1250 case "sqlite": 1251 $query = $db->simple_select("forums", "fid", "INSTR(','||parentlist||',',',".intval($mybb->input['fid']).",') > 0"); 1252 break; 1253 default: 1254 $query = $db->simple_select("forums", "fid", "INSTR(CONCAT(',',parentlist,','),',".intval($mybb->input['fid']).",') > 0"); 1255 } 1256 1257 while($forum = $db->fetch_array($query)) 1258 { 1259 if($forum['fid'] == $mybb->input['fid']) 1260 { 1261 $theforum = $forum; 1262 } 1263 $flist .= ",".$forum['fid']; 1264 } 1265 $query = $db->simple_select("threads", "tid", "fid IN (0$flist) AND visible = 1", array('order_by' => 'lastpost', 'order_dir' => 'DESC', 'limit' => '1')); 1266 $thread = $db->fetch_array($query); 1267 $tid = $thread['tid']; 1268 $query = $db->simple_select("posts", "uid", "tid='$tid' AND visible = 1", array('order_by' => 'dateline', 'order_dir' => 'DESC', 'limit' => '1')); 1269 $post = $db->fetch_array($query); 1270 $uid = $post['uid']; 1271 } 1272 } 1273 else 1274 { 1275 if($mybb->input['uid']) 1276 { 1277 $uid = intval($mybb->input['uid']); 1278 } 1279 else 1280 { 1281 $uid = $mybb->user['uid']; 1282 } 1283 } 1284 1285 
if($mybb->user['uid'] != $uid) 1286 { 1287 $memprofile = get_user($uid); 1288 } 1289 else 1290 { 1291 $memprofile = $mybb->user; 1292 } 1293 1294 $lang->profile = $lang->sprintf($lang->profile, $memprofile['username']); 1295 1296 if(!$memprofile['uid']) 1297 { 1298 error($lang->error_nomember); 1299 } 1300 1301 // Get member's permissions 1302 $memperms = user_permissions($memprofile['uid']); 1303 1304 $lang->nav_profile = $lang->sprintf($lang->nav_profile, $memprofile['username']); 1305 add_breadcrumb($lang->nav_profile); 1306 1307 $lang->users_forum_info = $lang->sprintf($lang->users_forum_info, $memprofile['username']); 1308 $lang->users_contact_details = $lang->sprintf($lang->users_contact_details, $memprofile['username']); 1309 1310 if($mybb->settings['enablepms'] != 0 && $memprofile['receivepms'] != 0 && $memperms['canusepms'] != 0 && my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false) 1311 { 1312 $lang->send_pm = $lang->sprintf($lang->send_pm, $memprofile['username']); 1313 } 1314 else 1315 { 1316 $lang->send_pm = ''; 1317 } 1318 $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']); 1319 $lang->users_additional_info = $lang->sprintf($lang->users_additional_info, $memprofile['username']); 1320 $lang->users_signature = $lang->sprintf($lang->users_signature, $memprofile['username']); 1321 $lang->send_user_email = $lang->sprintf($lang->send_user_email, $memprofile['username']); 1322 1323 if($memprofile['avatar']) 1324 { 1325 $memprofile['avatar'] = htmlspecialchars_uni($memprofile['avatar']); 1326 $avatar_dimensions = explode("|", $memprofile['avatardimensions']); 1327 if($avatar_dimensions[0] && $avatar_dimensions[1]) 1328 { 1329 $avatar_width_height = "width=\"{$avatar_dimensions[0]}\" height=\"{$avatar_dimensions[1]}\""; 1330 } 1331 $avatar = "<img src=\"{$memprofile['avatar']}\" alt=\"\" $avatar_width_height />"; 1332 } 1333 else 1334 { 1335 $avatar = ''; 1336 } 1337 1338 if($memprofile['hideemail'] != 
1) 1339 { 1340 eval("\$sendemail = \"".$templates->get("member_profile_email")."\";"); 1341 } 1342 else 1343 { 1344 $alttrow = "trow1"; // To properly sort the contact details below 1345 $sendemail = ''; 1346 } 1347 1348 // Clean alt_trow for the contact details 1349 $cat_array = array( 1350 "pm", 1351 "icq", 1352 "aim", 1353 "yahoo", 1354 "msn", 1355 ); 1356 1357 $bgcolors = array(); 1358 foreach($cat_array as $cat) 1359 { 1360 $bgcolors[$cat] = alt_trow(); 1361 } 1362 1363 if($memprofile['website']) 1364 { 1365 $memprofile['website'] = htmlspecialchars_uni($memprofile['website']); 1366 $website = "<a href=\"{$memprofile['website']}\" target=\"_blank\">{$memprofile['website']}</a>"; 1367 } 1368 else 1369 { 1370 $website = ''; 1371 } 1372 1373 if($memprofile['signature'] && ($memprofile['suspendsignature'] == 0 || $memprofile['suspendsigtime'] < TIME_NOW)) 1374 { 1375 $sig_parser = array( 1376 "allow_html" => $mybb->settings['sightml'], 1377 "allow_mycode" => $mybb->settings['sigmycode'], 1378 "allow_smilies" => $mybb->settings['sigsmilies'], 1379 "allow_imgcode" => $mybb->settings['sigimgcode'], 1380 "me_username" => $memprofile['username'] 1381 ); 1382 1383 $memprofile['signature'] = $parser->parse_message($memprofile['signature'], $sig_parser); 1384 eval("\$signature = \"".$templates->get("member_profile_signature")."\";"); 1385 } 1386 1387 $daysreg = (TIME_NOW - $memprofile['regdate']) / (24*3600); 1388 1389 if($daysreg < 1) 1390 { 1391 $daysreg = 1; 1392 } 1393 1394 $ppd = $memprofile['postnum'] / $daysreg; 1395 $ppd = round($ppd, 2); 1396 if($ppd > $memprofile['postnum']) 1397 { 1398 $ppd = $memprofile['postnum']; 1399 } 1400 $stats = $cache->read("stats"); 1401 $numposts = $stats['numposts']; 1402 if($numposts == 0) 1403 { 1404 $percent = "0"; 1405 } 1406 else 1407 { 1408 $percent = $memprofile['postnum']*100/$numposts; 1409 $percent = round($percent, 2); 1410 } 1411 1412 if($percent > 100) 1413 { 1414 $percent = 100; 1415 } 1416 1417 
if(!empty($memprofile['icq'])) 1418 { 1419 $memprofile['icq'] = intval($memprofile['icq']); 1420 } 1421 else 1422 { 1423 $memprofile['icq'] = ''; 1424 } 1425 1426 if($memprofile['away'] == 1 && $mybb->settings['allowaway'] != 0) 1427 { 1428 $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']); 1429 $awaydate = my_date($mybb->settings['dateformat'], $memprofile['awaydate']); 1430 if(!empty($memprofile['awayreason'])) 1431 { 1432 $awayreason = htmlspecialchars_uni($memprofile['awayreason']); 1433 } 1434 else 1435 { 1436 $awayreason = $lang->away_no_reason; 1437 } 1438 if($memprofile['returndate'] == '') 1439 { 1440 $returndate = "$lang->unknown"; 1441 } 1442 else 1443 { 1444 $returnhome = explode("-", $memprofile['returndate']); 1445 1446 // PHP native date functions use integers so timestamps for years after 2038 will not work 1447 // Thus we use adodb_mktime 1448 if($returnhome[2] >= 2038) 1449 { 1450 require_once MYBB_ROOT."inc/functions_time.php"; 1451 $returnmkdate = adodb_mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]); 1452 $returndate = my_date($mybb->settings['dateformat'], $returnmkdate, "", 1, true); 1453 } 1454 else 1455 { 1456 $returnmkdate = mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]); 1457 $returndate = my_date($mybb->settings['dateformat'], $returnmkdate); 1458 } 1459 1460 // If our away time has expired already, we should be back, right? 
1461 if ($returnmkdate < TIME_NOW) 1462 { 1463 $db->update_query('users', array('away' => '0', 'awaydate' => '', 'returndate' => '', 'awayreason' => ''), 'uid=\''.intval($memprofile['uid']).'\''); 1464 1465 // Update our status to "not away" 1466 $memprofile['away'] = 0; 1467 } 1468 } 1469 1470 // Check if our away status is set to 1, it may have been updated already (see a few lines above) 1471 if ($memprofile['away'] == 1) 1472 { 1473 eval("\$awaybit = \"".$templates->get("member_profile_away")."\";"); 1474 } 1475 } 1476 if($memprofile['dst'] == 1) 1477 { 1478 $memprofile['timezone']++; 1479 if(my_substr($memprofile['timezone'], 0, 1) != "-") 1480 { 1481 $memprofile['timezone'] = "+{$memprofile['timezone']}"; 1482 } 1483 } 1484 $memregdate = my_date($mybb->settings['dateformat'], $memprofile['regdate']); 1485 $memlocaldate = gmdate($mybb->settings['dateformat'], TIME_NOW + ($memprofile['timezone'] * 3600)); 1486 $memlocaltime = gmdate($mybb->settings['timeformat'], TIME_NOW + ($memprofile['timezone'] * 3600)); 1487 1488 $localtime = $lang->sprintf($lang->local_time_format, $memlocaldate, $memlocaltime); 1489 1490 if($memprofile['lastactive']) 1491 { 1492 $memlastvisitdate = my_date($mybb->settings['dateformat'], $memprofile['lastactive']); 1493 $memlastvisitsep = $lang->comma; 1494 $memlastvisittime = my_date($mybb->settings['timeformat'], $memprofile['lastactive']); 1495 } 1496 else 1497 { 1498 $memlastvisitdate = $lang->lastvisit_never; 1499 $memlastvisitsep = ''; 1500 $memlastvisittime = ''; 1501 } 1502 1503 if($memprofile['birthday']) 1504 { 1505 $membday = explode("-", $memprofile['birthday']); 1506 1507 if($memprofile['birthdayprivacy'] != 'none') 1508 { 1509 if($membday[0] && $membday[1] && $membday[2]) 1510 { 1511 $lang->membdayage = $lang->sprintf($lang->membdayage, get_age($memprofile['birthday'])); 1512 1513 if($membday[2] >= 1970) 1514 { 1515 $w_day = date("l", mktime(0, 0, 0, $membday[1], $membday[0], $membday[2])); 1516 $membday = 
format_bdays($mybb->settings['dateformat'], $membday[1], $membday[0], $membday[2], $w_day); 1517 } 1518 else 1519 { 1520 $bdayformat = fix_mktime($mybb->settings['dateformat'], $membday[2]); 1521 $membday = mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]); 1522 $membday = date($bdayformat, $membday); 1523 } 1524 $membdayage = $lang->membdayage; 1525 } 1526 elseif($membday[2]) 1527 { 1528 $membday = mktime(0, 0, 0, 1, 1, $membday[2]); 1529 $membday = date("Y", $membday); 1530 $membdayage = ''; 1531 } 1532 else 1533 { 1534 $membday = mktime(0, 0, 0, $membday[1], $membday[0], 0); 1535 $membday = date("F j", $membday); 1536 $membdayage = ''; 1537 } 1538 } 1539 1540 if($memprofile['birthdayprivacy'] == 'age') 1541 { 1542 $membday = $lang->birthdayhidden; 1543 } 1544 else if($memprofile['birthdayprivacy'] == 'none') 1545 { 1546 $membday = $lang->birthdayhidden; 1547 $membdayage = ''; 1548 } 1549 } 1550 else 1551 { 1552 $membday = $lang->not_specified; 1553 $membdayage = ''; 1554 } 1555 1556 if(!$memprofile['displaygroup']) 1557 { 1558 $memprofile['displaygroup'] = $memprofile['usergroup']; 1559 } 1560 1561 // Grab the following fields from the user's displaygroup 1562 $displaygroupfields = array( 1563 "title", 1564 "usertitle", 1565 "stars", 1566 "starimage", 1567 "image", 1568 "usereputationsystem" 1569 ); 1570 $displaygroup = usergroup_displaygroup($memprofile['displaygroup']); 1571 1572 // Get the user title for this user 1573 unset($usertitle); 1574 unset($stars); 1575 if(trim($memprofile['usertitle']) != '') 1576 { 1577 // User has custom user title 1578 $usertitle = $memprofile['usertitle']; 1579 } 1580 elseif(trim($displaygroup['usertitle']) != '') 1581 { 1582 // User has group title 1583 $usertitle = $displaygroup['usertitle']; 1584 } 1585 else 1586 { 1587 // No usergroup title so get a default one 1588 $query = $db->simple_select("usertitles", "*", "", array('order_by' => 'posts', 'order_dir' => 'DESC')); 1589 while($title = $db->fetch_array($query)) 1590 
{ 1591 if($memprofile['postnum'] >= $title['posts']) 1592 { 1593 $usertitle = $title['title']; 1594 $stars = $title['stars']; 1595 $starimage = $title['starimage']; 1596 break; 1597 } 1598 } 1599 } 1600 1601 if($displaygroup['stars'] || $displaygroup['usertitle']) 1602 { 1603 // Set the number of stars if display group has constant number of stars 1604 $stars = $displaygroup['stars']; 1605 } 1606 elseif(!$stars) 1607 { 1608 // This is for cases where the user has a title, but the group has no defined number of stars (use number of stars as per default usergroups) 1609 $query = $db->simple_select("usertitles", "*", "", array('order_by' => 'posts', 'order_dir' => 'DESC')); 1610 while($title = $db->fetch_array($query)) 1611 { 1612 if($memprofile['postnum'] >= $title['posts']) 1613 { 1614 $stars = $title['stars']; 1615 $starimage = $title['starimage']; 1616 break; 1617 } 1618 } 1619 } 1620 1621 if(!empty($displaygroup['image'])) 1622 { 1623 if(!empty($mybb->user['language'])) 1624 { 1625 $language = $mybb->user['language']; 1626 } 1627 else 1628 { 1629 $language = $mybb->settings['bblanguage']; 1630 } 1631 $displaygroup['image'] = str_replace("{lang}", $language, $displaygroup['image']); 1632 $displaygroup['image'] = str_replace("{theme}", $theme['imgdir'], $displaygroup['image']); 1633 eval("\$groupimage = \"".$templates->get("member_profile_groupimage")."\";"); 1634 } 1635 1636 if(!$starimage) 1637 { 1638 $starimage = $displaygroup['starimage']; 1639 } 1640 1641 if($starimage) 1642 { 1643 // Only display stars if we have an image to use... 
1644 $starimage = str_replace("{theme}", $theme['imgdir'], $starimage); 1645 $userstars = ''; 1646 for($i = 0; $i < $stars; ++$i) 1647 { 1648 $userstars .= "<img src=\"$starimage\" border=\"0\" alt=\"*\" />"; 1649 } 1650 } 1651 1652 // User is currently online and this user has permissions to view the user on the WOL 1653 $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins']*60; 1654 $query = $db->simple_select("sessions", "location,nopermission", "uid='$uid' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1)); 1655 $session = $db->fetch_array($query); 1656 1657 if(($memprofile['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $memprofile['uid'] == $mybb->user['uid']) && !empty($session)) 1658 { 1659 // Fetch their current location 1660 $lang->load("online"); 1661 require_once MYBB_ROOT."inc/functions_online.php"; 1662 $activity = fetch_wol_activity($session['location'], $session['nopermission']); 1663 $location = build_friendly_wol_location($activity); 1664 $location_time = my_date($mybb->settings['timeformat'], $memprofile['lastactive']); 1665 1666 eval("\$online_status = \"".$templates->get("member_profile_online")."\";"); 1667 } 1668 // User is offline 1669 else 1670 { 1671 eval("\$online_status = \"".$templates->get("member_profile_offline")."\";"); 1672 } 1673 1674 // Build Referral 1675 if($mybb->settings['usereferrals'] == 1) 1676 { 1677 // Reset the background colours to keep it inline 1678 $bg_color = alt_trow(true); 1679 1680 eval("\$referrals = \"".$templates->get("member_profile_referrals")."\";"); 1681 } 1682 else 1683 { 1684 // Manually set to override colours... 
1685 $alttrow = 'trow2'; 1686 } 1687 1688 // Fetch the reputation for this user 1689 if($memperms['usereputationsystem'] == 1 && $displaygroup['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1 && ($mybb->settings['posrep'] || $mybb->settings['neurep'] || $mybb->settings['negrep'])) 1690 { 1691 $bg_color = alt_trow(); 1692 $reputation = get_reputation($memprofile['reputation']); 1693 1694 // If this user has permission to give reputations show the vote link 1695 if($mybb->usergroup['cangivereputations'] == 1 && $memprofile['uid'] != $mybb->user['uid']) 1696 { 1697 $vote_link = "[<a href=\"javascript:MyBB.reputation({$memprofile['uid']});\">{$lang->reputation_vote}</a>]"; 1698 } 1699 1700 eval("\$reputation = \"".$templates->get("member_profile_reputation")."\";"); 1701 } 1702 1703 if($mybb->settings['enablewarningsystem'] != 0 && $memperms['canreceivewarnings'] != 0 && ($mybb->usergroup['canwarnusers'] != 0 || ($mybb->user['uid'] == $memprofile['uid'] && $mybb->settings['canviewownwarning'] != 0))) 1704 { 1705 $bg_color = alt_trow(); 1706 $warning_level = round($memprofile['warningpoints']/$mybb->settings['maxwarningpoints']*100); 1707 if($warning_level > 100) 1708 { 1709 $warning_level = 100; 1710 } 1711 $warning_level = get_colored_warning_level($warning_level); 1712 if($mybb->usergroup['canwarnusers'] != 0 && $memprofile['uid'] != $mybb->user['uid']) 1713 { 1714 eval("\$warn_user = \"".$templates->get("member_profile_warn")."\";"); 1715 $warning_link = "warnings.php?uid={$memprofile['uid']}"; 1716 } 1717 else 1718 { 1719 $warning_link = "usercp.php"; 1720 } 1721 eval("\$warning_level = \"".$templates->get("member_profile_warninglevel")."\";"); 1722 } 1723 1724 $query = $db->simple_select("userfields", "*", "ufid='$uid'"); 1725 $userfields = $db->fetch_array($query); 1726 $customfields = ''; 1727 $bgcolor = "trow1"; 1728 $alttrow = "trow1"; 1729 // If this user is an Administrator or a Moderator then we wish to show all profile fields 1730 
if($mybb->usergroup['cancp'] == 1 || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['canmodcp'] == 1) 1731 { 1732 $field_hidden = '1=1'; 1733 } 1734 else 1735 { 1736 $field_hidden = "hidden=0"; 1737 } 1738 $query = $db->simple_select("profilefields", "*", "{$field_hidden}", array('order_by' => 'disporder')); 1739 while($customfield = $db->fetch_array($query)) 1740 { 1741 $thing = explode("\n", $customfield['type'], "2"); 1742 $type = trim($thing[0]); 1743 1744 $field = "fid{$customfield['fid']}"; 1745 $useropts = explode("\n", $userfields[$field]); 1746 $customfieldval = $comma = ''; 1747 if(is_array($useropts) && ($type == "multiselect" || $type == "checkbox")) 1748 { 1749 foreach($useropts as $val) 1750 { 1751 if($val != '') 1752 { 1753 $customfieldval .= "<li style=\"margin-left: 0;\">{$val}</li>"; 1754 } 1755 } 1756 if($customfieldval != '') 1757 { 1758 $customfieldval = "<ul style=\"margin: 0; padding-left: 15px;\">{$customfieldval}</ul>"; 1759 } 1760 } 1761 else 1762 { 1763 if($customfield['type'] == "textarea") 1764 { 1765 $customfieldval = nl2br(htmlspecialchars_uni($userfields[$field])); 1766 } 1767 else 1768 { 1769 $customfieldval = htmlspecialchars_uni($userfields[$field]); 1770 } 1771 } 1772 1773 $customfield['name'] = htmlspecialchars_uni($customfield['name']); 1774 eval("\$customfields .= \"".$templates->get("member_profile_customfields_field")."\";"); 1775 $bgcolor = alt_trow(); 1776 } 1777 if($customfields) 1778 { 1779 eval("\$profilefields = \"".$templates->get("member_profile_customfields")."\";"); 1780 } 1781 $memprofile['postnum'] = my_number_format($memprofile['postnum']); 1782 $lang->ppd_percent_total = $lang->sprintf($lang->ppd_percent_total, my_number_format($ppd), $percent); 1783 $formattedname = format_name($memprofile['username'], $memprofile['usergroup'], $memprofile['displaygroup']); 1784 if($memprofile['timeonline'] > 0) 1785 { 1786 $timeonline = nice_time($memprofile['timeonline']); 1787 } 1788 else 1789 { 1790 $timeonline = 
$lang->none_registered; 1791 } 1792 1793 if($mybb->usergroup['cancp'] == 1 && $mybb->config['hide_admin_links'] != 1) 1794 { 1795 eval("\$adminoptions = \"".$templates->get("member_profile_adminoptions")."\";"); 1796 } 1797 else 1798 { 1799 $adminoptions = ''; 1800 } 1801 1802 if($mybb->usergroup['canmodcp'] == 1) 1803 { 1804 $memprofile['usernotes'] = nl2br(htmlspecialchars_uni($memprofile['usernotes'])); 1805 1806 if(!empty($memprofile['usernotes'])) 1807 { 1808 if(strlen($memprofile['usernotes']) > 100) 1809 { 1810 $memprofile['usernotes'] = my_substr($memprofile['usernotes'], 0, 100).'...'; 1811 } 1812 } 1813 else 1814 { 1815 $memprofile['usernotes'] = $lang->no_usernotes; 1816 } 1817 1818 eval("\$modoptions = \"".$templates->get("member_profile_modoptions")."\";"); 1819 } 1820 else 1821 { 1822 $modoptions = ''; 1823 } 1824 1825 $buddy_options = ''; 1826 1827 if($mybb->user['uid'] != $memprofile['uid'] && $mybb->user['uid'] != 0) 1828 { 1829 $buddy_list = explode(',', $mybb->user['buddylist']); 1830 if(in_array($mybb->input['uid'], $buddy_list)) 1831 { 1832 $buddy_options = "<br /><a href=\"./usercp.php?action=do_editlists&delete={$mybb->input['uid']}&my_post_key={$mybb->post_code}\"><img src=\"{$theme['imgdir']}/remove_buddy.gif\" alt=\"{$lang->remove_from_buddy_list}\" /> {$lang->remove_from_buddy_list}</a>"; 1833 } 1834 else 1835 { 1836 $buddy_options = "<br /><a href=\"./usercp.php?action=do_editlists&add_username=".urlencode($memprofile['username'])."&my_post_key={$mybb->post_code}\"><img src=\"{$theme['imgdir']}/add_buddy.gif\" alt=\"{$lang->add_to_buddy_list}\" /> {$lang->add_to_buddy_list}</a>"; 1837 } 1838 1839 $ignore_list = explode(',', $mybb->user['ignorelist']); 1840 if(in_array($mybb->input['uid'], $ignore_list)) 1841 { 1842 $buddy_options .= "<br /><a href=\"./usercp.php?action=do_editlists&manage=ignored&delete={$mybb->input['uid']}&my_post_key={$mybb->post_code}\"><img src=\"{$theme['imgdir']}/remove_ignore.gif\" 
alt=\"{$lang->remove_from_ignore_list}\" /> {$lang->remove_from_ignore_list}</a>"; 1843 } 1844 else 1845 { 1846 $buddy_options .= "<br /><a href=\"./usercp.php?action=do_editlists&manage=ignored&add_username=".urlencode($memprofile['username'])."&my_post_key={$mybb->post_code}\"><img src=\"{$theme['imgdir']}/add_ignore.gif\" alt=\"{$lang->add_to_ignore_list}\" /> {$lang->add_to_ignore_list}</a>"; 1847 } 1848 } 1849 1850 $plugins->run_hooks("member_profile_end"); 1851 1852 eval("\$profile = \"".$templates->get("member_profile")."\";"); 1853 output_page($profile); 1854 } 1855 1856 if($mybb->input['action'] == "do_emailuser" && $mybb->request_method == "post") 1857 { 1858 // Verify incoming POST request 1859 verify_post_check($mybb->input['my_post_key']); 1860 1861 $plugins->run_hooks("member_do_emailuser_start"); 1862 1863 // Guests or those without permission can't email other users 1864 if($mybb->usergroup['cansendemail'] == 0 || !$mybb->user['uid']) 1865 { 1866 error_no_permission(); 1867 } 1868 1869 // Check group limits 1870 if($mybb->usergroup['maxemails'] > 0) 1871 { 1872 $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "fromuid='{$mybb->user['uid']}' AND dateline >= '".(TIME_NOW - (60*60*24))."'"); 1873 $sent_count = $db->fetch_field($query, "sent_count"); 1874 if($sent_count >= $mybb->usergroup['maxemails']) 1875 { 1876 $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']); 1877 error($lang->error_max_emails_day); 1878 } 1879 } 1880 1881 $query = $db->simple_select("users", "uid, username, email, hideemail", "uid='".intval($mybb->input['uid'])."'"); 1882 $to_user = $db->fetch_array($query); 1883 1884 if(!$to_user['username']) 1885 { 1886 error($lang->error_invalidusername); 1887 } 1888 1889 if($to_user['hideemail'] != 0) 1890 { 1891 error($lang->error_hideemail); 1892 } 1893 1894 if(empty($mybb->input['subject'])) 1895 { 1896 $errors[] = $lang->error_no_email_subject; 1897 } 1898 1899 
if(empty($mybb->input['message'])) 1900 { 1901 $errors[] = $lang->error_no_email_message; 1902 } 1903 1904 if(count($errors) == 0) 1905 { 1906 if($mybb->settings['mail_handler'] == 'smtp') 1907 { 1908 $from = $mybb->user['email']; 1909 } 1910 else 1911 { 1912 $from = "{$mybb->user['username']} <{$mybb->user['email']}>"; 1913 } 1914 1915 $message = $lang->sprintf($lang->email_emailuser, $to_user['username'], $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->input['message']); 1916 my_mail($to_user['email'], $mybb->input['subject'], $message, $from, "", "", false, "text", "", $mybb->user['email']); 1917 1918 if($mybb->settings['mail_logging'] > 0) 1919 { 1920 // Log the message 1921 $log_entry = array( 1922 "subject" => $db->escape_string($mybb->input['subject']), 1923 "message" => $db->escape_string($mybb->input['message']), 1924 "dateline" => TIME_NOW, 1925 "fromuid" => $mybb->user['uid'], 1926 "fromemail" => $db->escape_string($mybb->user['email']), 1927 "touid" => $to_user['uid'], 1928 "toemail" => $db->escape_string($to_user['email']), 1929 "tid" => 0, 1930 "ipaddress" => $db->escape_string($session->ipaddress) 1931 ); 1932 $db->insert_query("maillogs", $log_entry); 1933 } 1934 1935 $plugins->run_hooks("member_do_emailuser_end"); 1936 1937 redirect(get_profile_link($to_user['uid']), $lang->redirect_emailsent); 1938 } 1939 else 1940 { 1941 $mybb->input['action'] = "emailuser"; 1942 } 1943 } 1944 1945 if($mybb->input['action'] == "emailuser") 1946 { 1947 $plugins->run_hooks("member_emailuser_start"); 1948 1949 // Guests or those without permission can't email other users 1950 if($mybb->usergroup['cansendemail'] == 0 || !$mybb->user['uid']) 1951 { 1952 error_no_permission(); 1953 } 1954 1955 // Check group limits 1956 if($mybb->usergroup['maxemails'] > 0) 1957 { 1958 $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "fromuid='{$mybb->user['uid']}' AND dateline >= '".(TIME_NOW - (60*60*24))."'"); 1959 $sent_count = 
$db->fetch_field($query, "sent_count"); 1960 if($sent_count > $mybb->usergroup['maxemails']) 1961 { 1962 $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']); 1963 error($lang->error_max_emails_day); 1964 } 1965 } 1966 1967 $query = $db->simple_select("users", "uid, username, email, hideemail", "uid='".intval($mybb->input['uid'])."'"); 1968 $to_user = $db->fetch_array($query); 1969 1970 $lang->email_user = $lang->sprintf($lang->email_user, $to_user['username']); 1971 1972 if(!$to_user['uid']) 1973 { 1974 error($lang->error_invaliduser); 1975 } 1976 1977 if($to_user['hideemail'] != 0) 1978 { 1979 error($lang->error_hideemail); 1980 } 1981 1982 if(count($errors) > 0) 1983 { 1984 $errors = inline_error($errors); 1985 $subject = htmlspecialchars_uni($mybb->input['subject']); 1986 $message = htmlspecialchars_uni($mybb->input['message']); 1987 } 1988 else 1989 { 1990 $errors = ''; 1991 $subject = ''; 1992 $message = ''; 1993 } 1994 1995 $plugins->run_hooks("member_emailuser_end"); 1996 1997 eval("\$emailuser = \"".$templates->get("member_emailuser")."\";"); 1998 output_page($emailuser); 1999 } 2000 2001 if(!$mybb->input['action']) 2002 { 2003 header("Location: index.php"); 2004 } 2005 ?>