Password options for logon, email login option, random user name/PW generation, Bugtracker #4393 and possibly others previously added to 0.7
43
class2.php
@@ -11,8 +11,8 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/class2.php,v $
|
||||
| $Revision: 1.59 $
|
||||
| $Date: 2008-05-29 21:12:42 $
|
||||
| $Revision: 1.60 $
|
||||
| $Date: 2008-06-13 20:20:20 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@@ -429,6 +429,15 @@ $tp->sch_load();
|
||||
if ($pref['user_tracking'] == "session")
|
||||
{
|
||||
session_start();
|
||||
if (!isset($_SESSION['challenge']))
|
||||
{ // New session
|
||||
$_SESSION['challenge'] = sha1(time().session_id()); // Create a unique challenge string for CHAP login
|
||||
}
|
||||
$ubrowser = md5('E107'.$_SERVER['HTTP_USER_AGENT']);
|
||||
if (!isset($_SESSION['ubrowser']))
|
||||
{
|
||||
$_SESSION['ubrowser'] = $ubrowser;
|
||||
}
|
||||
}
|
||||
|
||||
define("e_SELF", ($pref['ssl_enabled'] == '1' ? "https://".$_SERVER['HTTP_HOST'] : "http://".$_SERVER['HTTP_HOST']) . ($_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_FILENAME']));
|
||||
@@ -765,12 +774,14 @@ if ($pref['maintainance_flag'] && ADMIN == FALSE && strpos(e_SELF, "admin.php")
|
||||
|
||||
$sql->db_Mark_Time('(Start: Login/logout/ban/tz)');
|
||||
|
||||
if (isset($_POST['userlogin']) || isset($_POST['userlogin_x'])) {
|
||||
if (isset($_POST['userlogin']) || isset($_POST['userlogin_x']))
|
||||
{
|
||||
e107_require_once(e_HANDLER."login.php");
|
||||
$usr = new userlogin($_POST['username'], $_POST['userpass'], $_POST['autologin']);
|
||||
$usr = new userlogin($_POST['username'], $_POST['userpass'], $_POST['autologin'],varset($_POST['hashchallenge'],''));
|
||||
}
|
||||
|
||||
if (e_QUERY == 'logout')
|
||||
if ((e_QUERY == 'logout') || (($pref['user_tracking'] == "session") && isset($_SESSION['ubrowser']) && ($_SESSION['ubrowser'] != $ubrowser)))
|
||||
//if (e_QUERY == 'logout')
|
||||
{
|
||||
if (USER)
|
||||
{
|
||||
@@ -1272,6 +1283,7 @@ function init_session() {
|
||||
if (!isset($_COOKIE[e_COOKIE]) && !isset($_SESSION[e_COOKIE]) && !isset($_E107['cli']))
|
||||
{
|
||||
define("USER", FALSE);
|
||||
define('USERID', 0);
|
||||
define("USERTHEME", FALSE);
|
||||
define("ADMIN", FALSE);
|
||||
define("GUEST", TRUE);
|
||||
@@ -1289,12 +1301,14 @@ function init_session() {
|
||||
list($uid, $upw)= explode(".", $cli_log);
|
||||
}
|
||||
|
||||
if (empty($uid) || empty($upw)) {
|
||||
if (empty($uid) || empty($upw))
|
||||
{
|
||||
cookie(e_COOKIE, "", (time() - 2592000));
|
||||
$_SESSION[e_COOKIE] = "";
|
||||
session_destroy();
|
||||
define("ADMIN", FALSE);
|
||||
define("USER", FALSE);
|
||||
define('USERID', 0);
|
||||
define("USERCLASS", "");
|
||||
define("LOGINMESSAGE",CORE_LAN10."<br /><br />");
|
||||
return (FALSE);
|
||||
@@ -1344,25 +1358,32 @@ function init_session() {
|
||||
|
||||
$user_pref = ($result['user_prefs']) ? unserialize($result['user_prefs']) : '';
|
||||
|
||||
if (isset($_POST['settheme'])) {
|
||||
if (isset($_POST['settheme']))
|
||||
{
|
||||
$user_pref['sitetheme'] = ($pref['sitetheme'] == $_POST['sitetheme'] ? "" : $_POST['sitetheme']);
|
||||
save_prefs("user");
|
||||
}
|
||||
|
||||
define("USERTHEME", (isset($user_pref['sitetheme']) && file_exists(e_THEME.$user_pref['sitetheme']."/theme.php") ? $user_pref['sitetheme'] : FALSE));
|
||||
global $ADMIN_DIRECTORY, $PLUGINS_DIRECTORY;
|
||||
if ($result['user_admin']) {
|
||||
if ($result['user_admin'])
|
||||
{
|
||||
define("ADMIN", TRUE);
|
||||
define("ADMINID", $result['user_id']);
|
||||
define("ADMINNAME", $result['user_name']);
|
||||
define("ADMINPERMS", $result['user_perms']);
|
||||
define("ADMINEMAIL", $result['user_email']);
|
||||
define("ADMINPWCHANGE", $result['user_pwchange']);
|
||||
} else {
|
||||
}
|
||||
else
|
||||
{
|
||||
define("ADMIN", FALSE);
|
||||
}
|
||||
} else {
|
||||
}
|
||||
else
|
||||
{
|
||||
define("USER", FALSE);
|
||||
define('USERID', 0);
|
||||
define("USERTHEME", FALSE);
|
||||
define("ADMIN", FALSE);
|
||||
define("CORRUPT_COOKIE", TRUE);
|
||||
@@ -1375,6 +1396,8 @@ function init_session() {
|
||||
define('e_NOBODY_REGEXP', "(^|,)".e_UC_NOBODY."(,|$)");
|
||||
}
|
||||
|
||||
|
||||
|
||||
$sql->db_Mark_Time('Start: Go online');
|
||||
if(!isset($_E107['no_online']) && varset($pref['track_online']))
|
||||
{
|
||||
|
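Review bot: The CHAP challenge added inside the `user_tracking == "session"` block is created only when `$_SESSION['challenge']` is not yet set, and nothing in the visible lines replaces it after a login attempt, so one challenge stays valid for the whole session. Unless login.php rotates it (not visible here), a response observed once remains acceptable for that session, which removes most of what a challenge-response login is meant to provide. The value is also built from `time()` and `session_id()`, neither of which is secret; I would draw it from a CSPRNG and regenerate it after every attempt, e.g. `$_SESSION['challenge'] = bin2hex(random_bytes(20));` where the PHP version allows (the target version is not visible on this page). Separately, `$_SERVER['HTTP_USER_AGENT']` is read without an `isset()` guard, and the `ubrowser` comparison should carry a comment that it is only a consistency check, since the header is client-supplied.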
@@ -11,9 +11,9 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_admin/auth.php,v $
|
||||
| $Revision: 1.2 $
|
||||
| $Date: 2007-08-25 05:48:53 $
|
||||
| $Author: e107coders $
|
||||
| $Revision: 1.3 $
|
||||
| $Date: 2008-06-13 20:20:20 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
|
||||
@@ -49,21 +49,51 @@ else
|
||||
}
|
||||
}
|
||||
|
||||
$row = $authresult = $obj->authcheck($_POST['authname'], $_POST['authpass']);
|
||||
if ($row[0] == "authfail") {
|
||||
require_once(e_HANDLER.'user_handler.php');
|
||||
$row = $authresult = $obj->authcheck($_POST['authname'], $_POST['authpass'], varset($_POST['hashchallenge'],''));
|
||||
if ($row[0] == "authfail")
|
||||
{
|
||||
$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",LAN_ROLL_LOG_11,"U: ".$tp->toDB($_POST['authname']),FALSE,LOG_TO_ROLLING);
|
||||
echo "<script type='text/javascript'>document.location.href='../index.php'</script>\n";
|
||||
header("location: ../index.php");
|
||||
exit;
|
||||
} else {
|
||||
}
|
||||
else
|
||||
{
|
||||
$cookieval = $row['user_id'].".".md5($row['user_password']);
|
||||
|
||||
$userpass = md5($_POST['authpass']);
|
||||
$cookieval = $row['user_id'].".".md5($userpass);
|
||||
// $sql->db_Select("user", "*", "user_name='".$tp -> toDB($_POST['authname'])."'");
|
||||
// list($user_id, $user_name, $userpass) = $sql->db_Fetch();
|
||||
|
||||
$sql->db_Select("user", "*", "user_name='".$tp -> toDB($_POST['authname'])."'");
|
||||
list($user_id, $user_name, $userpass) = $sql->db_Fetch();
|
||||
if ($pref['user_tracking'] == "session") {
|
||||
// Calculate class membership - needed for a couple of things
|
||||
// Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
|
||||
$class_list = explode(',',$row['user_class']);
|
||||
if ($row['user_admin'] && strlen($row['user_perms']))
|
||||
{
|
||||
$class_list[] = e_UC_ADMIN;
|
||||
if (strpos($row['user_perms'],'0') === 0)
|
||||
{
|
||||
$class_list[] = e_UC_MAINADMIN;
|
||||
}
|
||||
}
|
||||
$class_list[] = e_UC_MEMBER;
|
||||
$class_list[] = e_UC_PUBLIC;
|
||||
|
||||
$user_logging_opts = array_flip(explode(',',varset($pref['user_audit_opts'],'')));
|
||||
if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'],''),$class_list))
|
||||
{ // Need to note in user audit trail
|
||||
$admin_log->user_audit(USER_AUDIT_LOGIN,'', $user_id,$user_name);
|
||||
}
|
||||
|
||||
$edata_li = array("user_id" => $row['user_id'], "user_name" => $row['user_name'], 'class_list' => implode(',',$class_list));
|
||||
$e_event->trigger("login", $edata_li);
|
||||
|
||||
if ($pref['user_tracking'] == "session")
|
||||
{
|
||||
$_SESSION[$pref['cookie_name']] = $cookieval;
|
||||
} else {
|
||||
}
|
||||
else
|
||||
{
|
||||
cookie($pref['cookie_name'], $cookieval, (time()+3600 * 24 * 30));
|
||||
}
|
||||
echo "<script type='text/javascript'>document.location.href='admin.php'</script>\n";
|
||||
@@ -73,7 +103,8 @@ else
|
||||
$e_sub_cat = 'logout';
|
||||
require_once(e_ADMIN."header.php");
|
||||
|
||||
if (ADMIN == FALSE) {
|
||||
if (ADMIN == FALSE)
|
||||
{
|
||||
$obj = new auth;
|
||||
$obj->authform();
|
||||
require_once(e_ADMIN."footer.php");
|
||||
@@ -84,7 +115,6 @@ else
|
||||
//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------//
|
||||
class auth
|
||||
{
|
||||
|
||||
function authform()
|
||||
{
|
||||
/*
|
||||
@@ -95,24 +125,32 @@ class auth
|
||||
# - scope public
|
||||
*/
|
||||
|
||||
global $use_imagecode, $sec_img,$imode;
|
||||
global $use_imagecode, $sec_img,$imode, $pref;
|
||||
|
||||
$text = "<div style='padding:20px;text-align:center'>
|
||||
<form method='post' action='".e_SELF."'>\n
|
||||
<form method='post' action='".e_SELF."'";
|
||||
if (varsettrue($pref['password_CHAP'],0))
|
||||
{
|
||||
$text .= " onsubmit='hashLoginPassword(this)'";
|
||||
}
|
||||
$text .= ">\n
|
||||
<table style='width:50%' class='fborder'>
|
||||
<tr>
|
||||
<td rowspan='4' style='vertical-align:middle;width:65px'>".(file_exists(THEME."images/password.png") ? "<img src='".THEME_ABS."images/password.png' alt='' />\n" : "<img src='".e_IMAGE."packs/".$imode."/generic/password.png' alt='' />\n" )."</td>
|
||||
<td style='width:35%' class='forumheader3'>".ADLAN_89."</td>
|
||||
<td class='forumheader3' style='text-align:center'><input class='tbox' type='text' name='authname' size='30' value='$authname' maxlength='20' />\n</td>
|
||||
<td class='forumheader3' style='text-align:center'><input class='tbox' type='text' name='authname' id='username' size='30' value='' maxlength='".varset($pref['loginname_maxlength'],30)."' />\n</td>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td style='width:35%' class='forumheader3'>".ADLAN_90."</td>
|
||||
<td class='forumheader3' style='text-align:center'><input class='tbox' type='password' name='authpass' size='30' value='' maxlength='20' />\n</td>
|
||||
<td class='forumheader3' style='text-align:center'><input class='tbox' type='password' name='authpass' id='userpass' size='30' value='' maxlength='30' />\n";
|
||||
if (isset($_SESSION['challenge']) && varset($pref['password_CHAP'],0)) $text .= "<input type='hidden' name='hashchallenge' id='hashchallenge' value='{$_SESSION['challenge']}' />\n\n";
|
||||
$text .= "</td>
|
||||
</tr>
|
||||
";
|
||||
|
||||
if ($use_imagecode) {
|
||||
if ($use_imagecode)
|
||||
{
|
||||
$text .= "
|
||||
<tr>
|
||||
<td style='width:35%' class='forumheader3'>".ADLAN_152."</td>
|
||||
@@ -139,7 +177,7 @@ class auth
|
||||
$au->tablerender(ADLAN_92, $text);
|
||||
}
|
||||
|
||||
function authcheck($authname, $authpass)
|
||||
function authcheck($authname, $authpass, $authresponse = '')
|
||||
{
|
||||
/*
|
||||
# Admin auth check
|
||||
@@ -148,28 +186,50 @@ class auth
|
||||
# - return boolean if fail, else result array
|
||||
# - scope public
|
||||
*/
|
||||
global $tp;
|
||||
global $tp, $pref;
|
||||
$sql_auth = new db;
|
||||
$authname = $tp -> toDB(preg_replace("/\sOR\s|\=|\#/", "", $authname));
|
||||
if ($sql_auth->db_Select("user", "*", "user_loginname='$authname' AND user_admin='1' "))
|
||||
$reason = '';
|
||||
$user_info = new UserHandler;
|
||||
|
||||
$authname = $tp -> toDB(preg_replace("/\sOR\s|\=|\#/", "", trim($authname)));
|
||||
$authpass = trim($authpass);
|
||||
if (($authpass == '') || ($authname == '')) $reason = 'np';
|
||||
if (strlen($authname) > varset($pref['loginname_maxlength'],30)) $reason = 'lu';
|
||||
|
||||
if (!$reason)
|
||||
{
|
||||
if ($sql_auth->db_Select("user", "*", "user_loginname='{$authname}' AND user_admin='1' "))
|
||||
{
|
||||
$row = $sql_auth->db_Fetch();
|
||||
}
|
||||
elseif ($sql_auth->db_Select("user", "*", "user_name='{$authname}' AND user_admin='1' "))
|
||||
{
|
||||
$row = $sql_auth->db_Fetch();
|
||||
$authname = $row['user_loginname'];
|
||||
}
|
||||
else
|
||||
{
|
||||
if ($sql_auth->db_Select("user", "*", "user_name='$authname' AND user_admin='1' "))
|
||||
$reason = 'iu';
|
||||
}
|
||||
}
|
||||
if (!$reason && ($row['user_id']))
|
||||
{ // Can validate password
|
||||
if (($authresponse && isset($_SESSION['challenge'])) && ($authresponse != $_SESSION['challenge']))
|
||||
{ // Verify using CHAP (can't handle login by email address - only loginname - although with this code it does still work if the password is stored unsalted)
|
||||
if (($pass_result = $user_info->CheckCHAP($_SESSION['challenge'], $authresponse, $authname, $row['user_password'])) !== PASSWORD_INVALID)
|
||||
{
|
||||
$row = $sql_auth->db_Fetch();
|
||||
return $$row;
|
||||
}
|
||||
}
|
||||
if($row['user_id'])
|
||||
{
|
||||
if($row['user_password'] == md5($authpass))
|
||||
else
|
||||
{ // Plaintext password
|
||||
if (($pass_result = $user_info->CheckPassword($authpass, $authname,$row['user_password'])) !== PASSWORD_INVALID)
|
||||
{
|
||||
return $row;
|
||||
}
|
||||
}
|
||||
return array("authfail");
|
||||
}
|
||||
return array("authfail", "reason" => $reason);
|
||||
}
|
||||
}
|
||||
|
||||
|
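Review bot: In `authcheck()`, the CHAP success branch ends in `return $$row;`, a variable-variable applied to an array, so a correct CHAP response resolves to an undefined variable instead of returning the fetched user row; it should read `return $row;` like the plaintext branch below it. The caller only tests `$row[0] == "authfail"`, which a null return does not match, so it continues into the cookie/session branch with an empty `$row`; adding `|| empty($row['user_id'])` to that test would make the failure explicit. The `db_Select` / `list($user_id, $user_name, $userpass)` pair also appears to be commented out on the new side while `$admin_log->user_audit(USER_AUDIT_LOGIN,'', $user_id,$user_name)` still uses those names; if so, pass `$row['user_id'], $row['user_name']` instead. The +/- markers are lost in this rendering, so the side of each line is inferred from the surrounding new parameters.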
@@ -11,8 +11,8 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_admin/prefs.php,v $
|
||||
| $Revision: 1.13 $
|
||||
| $Date: 2008-03-23 21:53:34 $
|
||||
| $Revision: 1.14 $
|
||||
| $Date: 2008-06-13 20:20:20 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@@ -440,36 +440,41 @@ $text .= "</table></div>";
|
||||
// =========== Registration Preferences. ==================
|
||||
|
||||
$text .= "<div id='registration' style='display:none; text-align:center'><table style='width:100%' class='fborder'>
|
||||
<colgroup>
|
||||
<col style='width:50%' />
|
||||
<col style='width:50%' />
|
||||
</colgroup>
|
||||
<tr>
|
||||
<td class='fcaption' title='".PRFLAN_80."' style='text-align:left;' colspan='2'>".PRFLAN_28."</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_29."<br /><span class='smalltext'>".PRFLAN_30."</span></td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<td class='forumheader3'>".PRFLAN_29."<br /><span class='smalltext'>".PRFLAN_30."</span></td>
|
||||
<td style='text-align:right' class='forumheader3'>
|
||||
<input type='radio' name='user_reg' value='1'".($pref['user_reg'] ? " checked='checked'" : "")." /> ".PRFLAN_112."
|
||||
<input type='radio' name='user_reg' value='0'".(!$pref['user_reg'] ? " checked='checked'" : "")." /> ".PRFLAN_113."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_141."<br /></td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<td class='forumheader3'>".PRFLAN_141."<br /></td>
|
||||
<td style='text-align:right' class='forumheader3'>
|
||||
<input type='radio' name='xup_enabled' value='1'".($pref['xup_enabled'] ? " checked='checked'" : "")." /> ".PRFLAN_112."
|
||||
<input type='radio' name='xup_enabled' value='0'".(!$pref['xup_enabled'] ? " checked='checked'" : "")." /> ".PRFLAN_113."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_154."</td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<td class='forumheader3'>".PRFLAN_154."</td>
|
||||
<td style='text-align:right' class='forumheader3'>
|
||||
|
||||
<select name='user_reg_veri' class='tbox'>";
|
||||
$veri_list[0] = PRFLAN_152;
|
||||
$veri_list[1] = PRFLAN_31;
|
||||
$veri_list[2] = PRFLAN_153;
|
||||
|
||||
foreach($veri_list as $v => $v_title){
|
||||
foreach($veri_list as $v => $v_title)
|
||||
{
|
||||
$sel = ($pref['user_reg_veri'] == $v) ? "selected='selected'" : "";
|
||||
$text .= "<option value='$v' $sel>".$v_title."</option>\n";
|
||||
}
|
||||
@@ -478,48 +483,48 @@ $text .= "<div id='registration' style='display:none; text-align:center'><table
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_160."<br /></td>
|
||||
<td class='forumheader3' style='width:50%;text-align:right' >
|
||||
<td class='forumheader3'>".PRFLAN_160."<br /></td>
|
||||
<td class='forumheader3' style='text-align:right' >
|
||||
<input type='radio' name='signup_remote_emailcheck' value='1'".($pref['signup_remote_emailcheck'] ? " checked='checked'" : "")." /> ".PRFLAN_112."
|
||||
<input type='radio' name='signup_remote_emailcheck' value='0'".(!$pref['signup_remote_emailcheck'] ? " checked='checked'" : "")." /> ".PRFLAN_113."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_167."<br /></td>
|
||||
<td class='forumheader3' style='width:50%;text-align:right' >
|
||||
<td class='forumheader3'>".PRFLAN_167."<br /></td>
|
||||
<td class='forumheader3' style='text-align:right' >
|
||||
<input type='radio' name='disable_emailcheck' value='1'".($pref['disable_emailcheck'] ? " checked='checked'" : "")." /> ".PRFLAN_112."
|
||||
<input type='radio' name='disable_emailcheck' value='0'".(!$pref['disable_emailcheck'] ? " checked='checked'" : "")." /> ".PRFLAN_113."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_32."<br /><span class='smalltext'>".PRFLAN_33."</span></td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<td class='forumheader3'>".PRFLAN_32."<br /><span class='smalltext'>".PRFLAN_33."</span></td>
|
||||
<td style='text-align:right' class='forumheader3'>
|
||||
<input type='radio' name='anon_post' value='1'".($pref['anon_post'] ? " checked='checked'" : "")." /> ".PRFLAN_112."
|
||||
<input type='radio' name='anon_post' value='0'".(!$pref['anon_post'] ? " checked='checked'" : "")." /> ".PRFLAN_113."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_45."<br /><span class='smalltext'>".PRFLAN_46." <a href='http://www.cdt.org/legislation/105th/privacy/coppa.html'>".PRFLAN_94."</a></span></td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<td class='forumheader3'>".PRFLAN_45."<br /><span class='smalltext'>".PRFLAN_46." <a href='http://www.cdt.org/legislation/105th/privacy/coppa.html'>".PRFLAN_94."</a></span></td>
|
||||
<td style='text-align:right' class='forumheader3'>
|
||||
<input type='radio' name='use_coppa' value='1'".($pref['use_coppa'] ? " checked='checked'" : "")." /> ".PRFLAN_112."
|
||||
<input type='radio' name='use_coppa' value='0'".(!$pref['use_coppa'] ? " checked='checked'" : "")." /> ".PRFLAN_113."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_58."<br /><span class='smalltext'>".PRFLAN_59."</span></td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<td class='forumheader3'>".PRFLAN_58."<br /><span class='smalltext'>".PRFLAN_59."</span></td>
|
||||
<td style='text-align:right' class='forumheader3'>
|
||||
<input type='radio' name='membersonly_enabled' value='1'".($pref['membersonly_enabled'] ? " checked='checked'" : "")." /> ".PRFLAN_112."
|
||||
<input type='radio' name='membersonly_enabled' value='0'".(!$pref['membersonly_enabled'] ? " checked='checked'" : "")." /> ".PRFLAN_113."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".CUSTSIG_16."<br /><span class='smalltext'>".PRFLAN_78."</span></td>
|
||||
<td class='forumheader3' style='width:50%;text-align:right' >
|
||||
<td class='forumheader3'>".CUSTSIG_16."<br /><span class='smalltext'>".PRFLAN_78."</span></td>
|
||||
<td class='forumheader3' style='text-align:right' >
|
||||
<input type='text' class='tbox' size='3' name='signup_pass_len' value='".$pref['signup_pass_len']."' />
|
||||
</td>
|
||||
</tr>
|
||||
@@ -527,37 +532,44 @@ $text .= "<div id='registration' style='display:none; text-align:center'><table
|
||||
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_136."</td>
|
||||
<td class='forumheader3' style='width:50%;text-align:right' >
|
||||
<td class='forumheader3'>".PRFLAN_136."</td>
|
||||
<td class='forumheader3' style='text-align:right' >
|
||||
<input type='text' class='tbox' size='3' name='signup_maxip' value='".$pref['signup_maxip']."' />
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".CUSTSIG_18."<br /><span class='smalltext'>".CUSTSIG_19."</span></td>
|
||||
<td class='forumheader3' style='width:50%;text-align:right' >
|
||||
<td class='forumheader3'>".CUSTSIG_18."<br /><span class='smalltext'>".CUSTSIG_19."</span></td>
|
||||
<td class='forumheader3' style='text-align:right' >
|
||||
<textarea class='tbox' name='signup_disallow_text' cols='1' rows='3' style='width: 80%;'>".$pref['signup_disallow_text']."</textarea>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_155.":</td>
|
||||
<td class='forumheader3' style='width:50%;text-align:right' >
|
||||
<td class='forumheader3'>".PRFLAN_155.":</td>
|
||||
<td class='forumheader3' style='text-align:right' >
|
||||
".r_userclass('displayname_class',$pref['displayname_class'],'off','nobody,public,admin,classes')."
|
||||
<input class='button' type='submit' name='submit_resetdisplaynames' value='".PRFLAN_156."' />
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_158.":</td>
|
||||
<td class='forumheader3' style='width:50%;text-align:right' >
|
||||
<td class='forumheader3'>".PRFLAN_192.":<br /><span class='smalltext'>".PRFLAN_193."</span></td>
|
||||
<td class='forumheader3' style='text-align:right' >
|
||||
<input type='text' class='tbox' size='30' name='predefinedLoginName' value='".varset($pref['predefinedLoginName'],'')."' /><br />".PRFLAN_194."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td class='forumheader3'>".PRFLAN_158.":</td>
|
||||
<td class='forumheader3' style='text-align:right' >
|
||||
<input type='text' class='tbox' size='3' name='displayname_maxlength' value='".varset($pref['displayname_maxlength'],15)."' />
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_172.":</td>
|
||||
<td class='forumheader3' style='width:50%;text-align:right' >
|
||||
<td class='forumheader3'>".PRFLAN_172.":</td>
|
||||
<td class='forumheader3' style='text-align:right' >
|
||||
<input type='text' class='tbox' size='3' name='loginname_maxlength' value='".varset($pref['loginname_maxlength'],30)."' />
|
||||
</td>
|
||||
</tr>
|
||||
@@ -735,33 +747,48 @@ $text .= "<div id='textpost' style='display:none; text-align:center'>
|
||||
$text .= pref_submit();
|
||||
$text .= "</table></div>";
|
||||
|
||||
|
||||
function multi_radio($name, $textsVals, $currentval = '')
|
||||
{
|
||||
$ret = '';
|
||||
$gap = '';
|
||||
foreach ($textsVals as $v => $t)
|
||||
{
|
||||
$sel = ($v == $currentval) ? " checked='checked'" : "";
|
||||
$ret .= $gap."<input type='radio' name='{$name}' value='{$v}'{$sel} /> ".$t."\n";
|
||||
$gap = " ";
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
|
||||
|
||||
// Security Options. .
|
||||
$hasGD = extension_loaded("gd");
|
||||
|
||||
$text .= "<div id='security' style='display:none; text-align:center'>
|
||||
<table style='width:100%' class='fborder'>
|
||||
<colgroup>
|
||||
<col style='width:50%' />
|
||||
<col style='width:50%' />
|
||||
</colgroup>
|
||||
<tr>
|
||||
<td class='fcaption' title='".PRFLAN_80."' style='text-align:left;' colspan='2'>".PRFLAN_47."</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_60."<br /><span class='smalltext'>".PRFLAN_61."</span> </td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<input type='radio' name='ssl_enabled' value='1'".($pref['ssl_enabled'] ? " checked='checked'" : "")." /> ".PRFLAN_112."
|
||||
<input type='radio' name='ssl_enabled' value='0'".(!$pref['ssl_enabled'] ? " checked='checked'" : "")." /> ".PRFLAN_113."
|
||||
<td class='forumheader3'>".PRFLAN_60."<br /><span class='smalltext'>".PRFLAN_61."</span> </td>
|
||||
<td style='text-align:right' class='forumheader3'>".
|
||||
multi_radio('ssl_enabled',array('1' => PRFLAN_112, '0' => PRFLAN_113),$pref['ssl_enabled'])."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_76.": </td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<td class='forumheader3'>".PRFLAN_76.": </td>
|
||||
<td style='text-align:right' class='forumheader3'>
|
||||
";
|
||||
if($hasGD)
|
||||
{
|
||||
$text .= "
|
||||
<input type='radio' name='signcode' value='1'".($pref['signcode'] ? " checked='checked'" : "")." /> ".PRFLAN_112."
|
||||
<input type='radio' name='signcode' value='0'".(!$pref['signcode'] ? " checked='checked'" : "")." /> ".PRFLAN_113."
|
||||
";
|
||||
$text .= multi_radio('signcode', array('1' =>PRFLAN_112,'0' => PRFLAN_113), $pref['signcode']);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -772,15 +799,12 @@ $text .= "<div id='security' style='display:none; text-align:center'>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_81.": </td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<td class='forumheader3'>".PRFLAN_81.": </td>
|
||||
<td style='text-align:right' class='forumheader3'>
|
||||
";
|
||||
if($hasGD)
|
||||
{
|
||||
$text .= "
|
||||
<input type='radio' name='logcode' value='1'".($pref['logcode'] ? " checked='checked'" : "")." /> ".PRFLAN_112."
|
||||
<input type='radio' name='logcode' value='0'".(!$pref['logcode'] ? " checked='checked'" : "")." /> ".PRFLAN_113."
|
||||
";
|
||||
$text .= multi_radio('logcode', array('1' =>PRFLAN_112,'0' => PRFLAN_113), $pref['logcode']);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -791,82 +815,108 @@ $text .= "<div id='security' style='display:none; text-align:center'>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_138.": </td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<td class='forumheader3'>".PRFLAN_138.": </td>
|
||||
<td style='text-align:right' class='forumheader3'>
|
||||
";
|
||||
if($hasGD)
|
||||
{
|
||||
$text .= "
|
||||
<input type='radio' name='fpwcode' value='1'".($pref['fpwcode'] ? " checked='checked'" : "")." /> ".PRFLAN_112."
|
||||
<input type='radio' name='fpwcode' value='0'".(!$pref['fpwcode'] ? " checked='checked'" : "")." /> ".PRFLAN_113."
|
||||
";
|
||||
$text .= multi_radio('fpwcode', array('1' =>PRFLAN_112,'0' => PRFLAN_113), $pref['fpwcode']);
|
||||
}
|
||||
else
|
||||
{
|
||||
$text .= PRFLAN_133;
|
||||
}
|
||||
|
||||
$text .= "
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_92.": </td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<input type='radio' name='user_reg_secureveri' value='1'".($pref['user_reg_secureveri'] ? " checked='checked'" : "")." /> ".PRFLAN_112."
|
||||
<input type='radio' name='user_reg_secureveri' value='0'".(!$pref['user_reg_secureveri'] ? " checked='checked'" : "")." /> ".PRFLAN_113."
|
||||
<td class='forumheader3'>".PRFLAN_92.": </td>
|
||||
<td style='text-align:right' class='forumheader3'>".
|
||||
multi_radio('user_reg_secureveri',array('1' => PRFLAN_112, '0' => PRFLAN_113),$pref['user_reg_secureveri'])."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_129.":<br /><span class='smalltext'>".PRFLAN_130."</span> </td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<input type='radio' name='disallowMultiLogin' value='1'".($pref['disallowMultiLogin'] ? " checked='checked'" : "")." /> ".PRFLAN_112."
|
||||
<input type='radio' name='disallowMultiLogin' value='0'".(!$pref['disallowMultiLogin'] ? " checked='checked'" : "")." /> ".PRFLAN_113."
|
||||
<td class='forumheader3'>".PRFLAN_129.":<br /><span class='smalltext'>".PRFLAN_130."</span> </td>
|
||||
<td style='text-align:right' class='forumheader3'>".
|
||||
multi_radio('disallowMultiLogin',array('1' => PRFLAN_112, '0' => PRFLAN_113),$pref['disallowMultiLogin'])."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_48.": </td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>". ($pref['user_tracking'] == "cookie" ? "<input type='radio' name='user_tracking' value='cookie' checked='checked' /> ".PRFLAN_49 : "<input type='radio' name='user_tracking' value='cookie' /> ".PRFLAN_49). ($pref['user_tracking'] == "session" ? "<input type='radio' name='user_tracking' value='session' checked='checked' /> ".PRFLAN_50 : "<input type='radio' name='user_tracking' value='session' /> ".PRFLAN_50)."
|
||||
<td class='forumheader3'>".PRFLAN_184.": <br /><span class='smalltext'>".PRFLAN_185."</span></td>
|
||||
<td style='text-align:right' class='forumheader3'>".
|
||||
multi_radio('allowEmailLogin',array('1' => PRFLAN_186, '0' => PRFLAN_187),varset($pref['allowEmailLogin'],0))."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td class='forumheader3'>".PRFLAN_48.": </td>
|
||||
<td style='text-align:right' class='forumheader3'>".
|
||||
multi_radio('user_tracking', array('cookie' => PRFLAN_49, 'session' => PRFLAN_50), $pref['user_tracking'])."
|
||||
<br />
|
||||
".PRFLAN_55.": <input class='tbox' type='text' name='cookie_name' size='20' value='".$pref['cookie_name']."' maxlength='20' />
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_40."<br /><span class='smalltext'>".PRFLAN_41."</span></td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<input type='radio' name='profanity_filter' value='1'".($pref['profanity_filter'] ? " checked='checked'" : "")." /> ".PRFLAN_112."
|
||||
<input type='radio' name='profanity_filter' value='0'".(!$pref['profanity_filter'] ? " checked='checked'" : "")." /> ".PRFLAN_113."
|
||||
<td class='forumheader3'>".PRFLAN_188.": <br /><span class='smalltext'>".PRFLAN_191."</span></td>
|
||||
<td style='text-align:right' class='forumheader3'>".
|
||||
multi_radio('passwordEncoding',array('0' => PRFLAN_189, '1' => PRFLAN_190),varset($pref['passwordEncoding'],0))."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td class='forumheader3'>".PRFLAN_178."<br /><span class='smalltext'>".PRFLAN_179."</span></td>
|
||||
<td style='text-align:right' class='forumheader3'>
|
||||
<select name='password_CHAP' class='tbox'>";
|
||||
$CHAP_list[0] = PRFLAN_180;
|
||||
$CHAP_list[1] = PRFLAN_181;
|
||||
$CHAP_list[2] = PRFLAN_182;
|
||||
|
||||
foreach($CHAP_list as $ab=>$ab_title){
|
||||
$sel = ($pref['password_CHAP'] == $ab) ? "selected='selected'" : "";
|
||||
$text .= "<option value='$ab' $sel>".$ab_title."</option>\n";
|
||||
}
|
||||
|
||||
$text .="</select>\n
|
||||
<br /><span class='smalltext'>".PRFLAN_183."</span></td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td class='forumheader3'>".PRFLAN_40."<br /><span class='smalltext'>".PRFLAN_41."</span></td>
|
||||
<td style='text-align:right' class='forumheader3'>".
|
||||
multi_radio('profanity_filter', array('1' => PRFLAN_112, '0' => PRFLAN_113), $pref['profanity_filter'])."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_42.": </td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<td class='forumheader3'>".PRFLAN_42.": </td>
|
||||
<td style='text-align:right' class='forumheader3'>
|
||||
<input class='tbox' type='text' name='profanity_replace' size='30' value='".$pref['profanity_replace']."' maxlength='20' />
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_43.": </td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<td class='forumheader3'>".PRFLAN_43.": </td>
|
||||
<td style='text-align:right' class='forumheader3'>
|
||||
<textarea class='tbox' name='profanity_words' cols='59' rows='2' style='width:100%'>".$pref['profanity_words']."</textarea>
|
||||
<br />".PRFLAN_44."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_35.": </td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<input type='radio' name='antiflood1' value='1'".($pref['antiflood1'] ? " checked='checked'" : "")." /> ".PRFLAN_112."
|
||||
<input type='radio' name='antiflood1' value='0'".(!$pref['antiflood1'] ? " checked='checked'" : "")." /> ".PRFLAN_113."
|
||||
<td class='forumheader3'>".PRFLAN_35.": </td>
|
||||
<td style='text-align:right' class='forumheader3'>".
|
||||
multi_radio('antiflood1',array('1' => PRFLAN_112, '0' => PRFLAN_113),$pref['antiflood1'])."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_36.": </td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<td class='forumheader3'>".PRFLAN_36.": </td>
|
||||
<td style='text-align:right' class='forumheader3'>
|
||||
<input class='tbox' type='text' name='antiflood_timeout' size='3' value='".$pref['antiflood_timeout']."' maxlength='3' />
|
||||
<br />
|
||||
<b class=\"smalltext\" >".PRFLAN_38."</b>
|
||||
@@ -875,8 +925,8 @@ $text .= "<div id='security' style='display:none; text-align:center'>
|
||||
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_37."<br /><span class='smalltext'>".PRFLAN_91."</span></td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<td class='forumheader3'>".PRFLAN_37."<br /><span class='smalltext'>".PRFLAN_91."</span></td>
|
||||
<td style='text-align:right' class='forumheader3'>
|
||||
<select name='autoban' class='tbox'>";
|
||||
$autoban_list[0] = PRFLAN_113;
|
||||
$autoban_list[1] = PRFLAN_144;
|
||||
@@ -892,10 +942,9 @@ $text .= "<div id='security' style='display:none; text-align:center'>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:50%' class='forumheader3'>".PRFLAN_139.":</td>
|
||||
<td style='width:50%; text-align:right' class='forumheader3'>
|
||||
<input type='radio' name='adminpwordchange' value='1'".($pref['adminpwordchange'] ? " checked='checked'" : "")." /> ".PRFLAN_112."
|
||||
<input type='radio' name='adminpwordchange' value='0'".(!$pref['adminpwordchange'] ? " checked='checked'" : "")." /> ".PRFLAN_113."
|
||||
<td class='forumheader3'>".PRFLAN_139.":</td>
|
||||
<td style='text-align:right' class='forumheader3'>".
|
||||
multi_radio('adminpwordchange',array('1' => PRFLAN_112, '0' => PRFLAN_113),$pref['adminpwordchange'])."
|
||||
</td>
|
||||
</tr>
|
||||
";
|
||||
|
@@ -11,8 +11,8 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_admin/sql/core_sql.php,v $
|
||||
| $Revision: 1.10 $
|
||||
| $Date: 2008-05-24 12:45:27 $
|
||||
| $Revision: 1.11 $
|
||||
| $Date: 2008-06-13 20:20:20 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@@ -495,7 +495,7 @@ CREATE TABLE user (
|
||||
user_name varchar(100) NOT NULL default '',
|
||||
user_loginname varchar(100) NOT NULL default '',
|
||||
user_customtitle varchar(100) NOT NULL default '',
|
||||
user_password varchar(32) NOT NULL default '',
|
||||
user_password varchar(50) NOT NULL default '',
|
||||
user_sess varchar(100) NOT NULL default '',
|
||||
user_email varchar(100) NOT NULL default '',
|
||||
user_signature text NOT NULL,
|
||||
@@ -522,7 +522,7 @@ CREATE TABLE user (
|
||||
user_xup varchar(100) NOT NULL default '',
|
||||
PRIMARY KEY (user_id),
|
||||
UNIQUE KEY user_name (user_name),
|
||||
KEY user_ban_index (user_ban)
|
||||
KEY join_ban_index (user_join,user_ban)
|
||||
) TYPE=MyISAM;
|
||||
# --------------------------------------------------------
|
||||
|
||||
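Review bot: `user_password varchar(50)` in the `CREATE TABLE user` hunk is sized for the hash format this commit introduces and leaves no headroom for a stronger scheme later. A crypt()-style bcrypt string is 60 characters, and MySQL in non-strict mode truncates an over-long value with only a warning, so every such hash would stop verifying. Suggest `user_password varchar(255) NOT NULL default '',` here and in any backup or upgrade table that copies the column. The second hunk appears to replace `KEY user_ban_index (user_ban)` with a composite key led by `user_join`; confirm that no query filters on `user_ban` alone, since the new key cannot serve that lookup.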
|
@@ -11,8 +11,8 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_admin/users.php,v $
|
||||
| $Revision: 1.15 $
|
||||
| $Date: 2008-06-06 19:14:20 $
|
||||
| $Revision: 1.16 $
|
||||
| $Date: 2008-06-13 20:20:20 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@@ -52,6 +52,9 @@ require_once("auth.php");
|
||||
|
||||
require_once(e_HANDLER."form_handler.php");
|
||||
require_once(e_HANDLER."userclass_class.php");
|
||||
require_once(e_HANDLER.'user_handler.php');
|
||||
$user_info = new UserHandler;
|
||||
$user_data = array();
|
||||
|
||||
$rs = new form;
|
||||
|
||||
@@ -215,12 +218,19 @@ if (isset($_POST['adduser']))
|
||||
}
|
||||
|
||||
|
||||
if (isset($_POST['generateloginname']))
|
||||
{
|
||||
$loginname = $user_info->generateUserLogin($pref['predefinedLoginName']);
|
||||
}
|
||||
else
|
||||
{
|
||||
$loginname = trim(preg_replace('/ |\#|\=|\$/', "", strip_tags($_POST['loginname'])));
|
||||
if ($loginname != $_POST['loginname'])
|
||||
{
|
||||
message_handler('P_ALERT',USRLAN_152);
|
||||
$error = TRUE;
|
||||
}
|
||||
}
|
||||
if ((strlen($loginname) > varset($pref['loginname_maxlength'],30)) || (strlen($loginname) < 3))
|
||||
{
|
||||
message_handler('P_ALERT',USRLAN_154);
|
||||
@@ -233,11 +243,18 @@ if (isset($_POST['adduser']))
|
||||
}
|
||||
|
||||
|
||||
if (isset($_POST['generatepassword']))
|
||||
{
|
||||
$_POST['password1'] = $user_info->generateRandomString('**********'); // 10-char password should be enough
|
||||
}
|
||||
else
|
||||
{
|
||||
if ($_POST['password1'] != $_POST['password2'])
|
||||
{
|
||||
message_handler("P_ALERT", USRLAN_67);
|
||||
$error = TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
if ($_POST['name'] == "" || $_POST['password1'] == "" || $_POST['password2'] = "")
|
||||
{
|
||||
@@ -260,20 +277,21 @@ if (isset($_POST['adduser']))
|
||||
$error = TRUE;
|
||||
}
|
||||
|
||||
if (!$error)
|
||||
{
|
||||
// Always save some of the entered data - then we can redisplay on error
|
||||
$user_data['user_name'] = $displayname;
|
||||
$user_data['user_loginname'] = $loginname;
|
||||
$user_data['user_class'] = implode(",", $_POST['userclass']);
|
||||
$user_data['user_password'] = md5($_POST['password1']);
|
||||
$user_data['user_email'] = $tp->toDB($_POST['email']);
|
||||
$user_data['user_hideemail'] = 1;
|
||||
$user_data['user_join'] = time();
|
||||
$user_data['user_lastvisit'] = time();
|
||||
$user_data['user_currentvisit'] = time();
|
||||
$user_data['user_pwchange'] = time();
|
||||
$user_data['user_login'] = $tp->toDB($_POST['realname']);
|
||||
|
||||
if (!$error)
|
||||
{
|
||||
$user_data['user_password'] = $user_info->HashPassword($_POST['password1'],$loginname);
|
||||
$user_data['user_join'] = time();
|
||||
$user_data['user_lastvisit'] = 0;
|
||||
$user_data['user_currentvisit'] = 0;
|
||||
$user_data['user_pwchange'] = 0;
|
||||
if (admin_update($sql -> db_Insert("user", $user_data), 'insert', USRLAN_70))
|
||||
{
|
||||
// Add to admin log
|
||||
@@ -293,6 +311,8 @@ if (isset($_POST['adduser']))
|
||||
$message = USRLAN_159;
|
||||
}
|
||||
}
|
||||
if (isset($_POST['generateloginname'])) $message .= '<br /><br />'.USRLAN_173.': '.$loginname;
|
||||
if (isset($_POST['generatepassword'])) $message .= '<br /><br />'.USRLAN_172.': '.$_POST['password1'];
|
||||
}
|
||||
}
|
||||
if (isset($message)) $user->show_message($message);
|
||||
@@ -592,7 +612,7 @@ switch ($action)
|
||||
break;
|
||||
|
||||
case "create" :
|
||||
$user->add_user();
|
||||
$user->add_user($user_data);
|
||||
break;
|
||||
|
||||
default :
|
||||
@@ -1106,37 +1126,40 @@ class users
|
||||
|
||||
|
||||
|
||||
function add_user()
|
||||
// Add a new user - may be passed existing data if there was an entry error on first pass
|
||||
function add_user($user_data)
|
||||
{
|
||||
global $rs, $ns, $pref, $e_userclass;
|
||||
if (!is_object($e_userclass)) $e_userclass = new user_class;
|
||||
$text = "<div style='text-align:center'>". $rs->form_open("post", e_SELF, "adduserform")."
|
||||
$text = "<div style='text-align:center'>". $rs->form_open("post", e_SELF.(e_QUERY ? '?'.e_QUERY : ''), "adduserform")."
|
||||
<table style='".ADMIN_WIDTH."' class='fborder'>
|
||||
<tr>
|
||||
<td style='width:30%' class='forumheader3'>".USRLAN_61."</td>
|
||||
<td style='width:70%' class='forumheader3'>
|
||||
".$rs->form_text("name", 40, "", 30)."
|
||||
".$rs->form_text("name", 40, varset($user_data['user_name'],""), 30)."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:30%' class='forumheader3'>".USRLAN_128."</td>
|
||||
<td style='width:70%' class='forumheader3'>
|
||||
".$rs->form_text("loginname", 40, "", 30)."
|
||||
".$rs->form_text("loginname", 40, varset($user_data['user_loginname'],""), 30)."
|
||||
".$rs->form_checkbox('generateloginname',1,varset($pref['predefinedLoginName'],FALSE)).USRLAN_170."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:30%' class='forumheader3'>".USRLAN_129."</td>
|
||||
<td style='width:70%' class='forumheader3'>
|
||||
".$rs->form_text("realname", 40, "", 30)."
|
||||
".$rs->form_text("realname", 40, varset($user_data['user_login'],""), 30)."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:30%' class='forumheader3'>".USRLAN_62."</td>
|
||||
<td style='width:70%' class='forumheader3'>
|
||||
".$rs->form_password("password1", 40, "", 20)."
|
||||
".$rs->form_password("password1", 40, "", 20)."
|
||||
".$rs->form_checkbox('generatepassword',1,FALSE).USRLAN_171."
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
@@ -1148,12 +1171,13 @@ class users
|
||||
<tr>
|
||||
<td style='width:30%' class='forumheader3'>".USRLAN_64."</td>
|
||||
<td style='width:70%' class='forumheader3'>
|
||||
".$rs->form_text("email", 60, "", 100)."
|
||||
".$rs->form_text("email", 60, varset($user_data['user_email'],""), 100)."
|
||||
</td>
|
||||
</tr>\n";
|
||||
|
||||
|
||||
$temp = $e_userclass->vetted_tree('userclass[]',array($e_userclass,'checkbox_desc'), varset($pref['initial_user_classes'],''), 'classes');
|
||||
if (!isset($user_data['user_class'])) $user_data['user_class'] = varset($pref['initial_user_classes'],'');
|
||||
$temp = $e_userclass->vetted_tree('userclass',array($e_userclass,'checkbox_desc'), $user_data['user_class'], 'classes');
|
||||
|
||||
|
||||
if ($temp)
|
||||
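Review bot: The empty-field test `$_POST['name'] == "" || $_POST['password1'] == "" || $_POST['password2'] = ""` (a context line in the `-233,11 +243,18` hunk) assigns instead of comparing, so an empty confirmation is never rejected and `password2` is overwritten whenever the first two tests pass. It should read `$_POST['password2'] == ""`, and that term should be skipped when `generatepassword` is set, because that path fills only `password1`. In the following hunk `implode(",", $_POST['userclass'])` appears to run before the `if (!$error)` guard and takes the posted value as-is, so it warns when no class box is ticked and stores whatever IDs the form carried. Cast each entry with `intval()` and check it against the classes this admin is allowed to assign before building `user_class`. The `adduser` block starts and ends outside these hunks.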
|
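--- a/e107_files/chap_script.js
+++ b/e107_files/chap_script.js
@@ -0,0 +1,408 @@
+<!--
+/*
+JS for logon.
+*/
+
+var challenge;
+
+function getChallenge()
+{
+temp = document.getElementById('hashchallenge');
+if (temp)
+{
+challenge = temp.value;
+temp.value = '';
+}
+}
+
+// Called on form submit entered into password field
+// Passed current form
+function hashLoginPassword(doForm)
+{
+if (typeof(hex_md5) == "undefined") return;
+if (typeof(challenge) == "undefined") return;
+
+doForm.hashchallenge.value = hex_md5(hex_md5(hex_md5(doForm.userpass.value) + doForm.username.value) + challenge);
+doForm.userpass.value = ""; // Don't send plaintext password back
+return true;
+}
+
+
+/*
+* A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
+* Digest Algorithm, as defined in RFC 1321.
+* Version 2.2-alpha Copyright (C) Paul Johnston 1999 - 2005
+* Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
+* Distributed under the BSD License
+* See http://pajhome.org.uk/crypt/md5 for more info.
+*/
+
+/*
+* Configurable variables. You may need to tweak these to be compatible with
+* the server-side, but the defaults work in most cases.
+*/
+var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */
+var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */
+
+/*
+* These are the functions you'll usually want to call
+* They take string arguments and return either hex or base-64 encoded strings
+*/
+function hex_md5(s) { return rstr2hex(rstr_md5(str2rstr_utf8(s))); }
+function b64_md5(s) { return rstr2b64(rstr_md5(str2rstr_utf8(s))); }
+function any_md5(s, e) { return rstr2any(rstr_md5(str2rstr_utf8(s)), e); }
+function hex_hmac_md5(k, d)
+{ return rstr2hex(rstr_hmac_md5(str2rstr_utf8(k), str2rstr_utf8(d))); }
+function b64_hmac_md5(k, d)
+{ return rstr2b64(rstr_hmac_md5(str2rstr_utf8(k), str2rstr_utf8(d))); }
+function any_hmac_md5(k, d, e)
+{ return rstr2any(rstr_hmac_md5(str2rstr_utf8(k), str2rstr_utf8(d)), e); }
+
+/*
+* Perform a simple self-test to see if the VM is working
+*/
+function md5_vm_test()
+{
+return hex_md5("abc") == "900150983cd24fb0d6963f7d28e17f72";
+}
+
+/*
+* Calculate the MD5 of a raw string
+*/
+function rstr_md5(s)
+{
+return binl2rstr(binl_md5(rstr2binl(s), s.length * 8));
+}
+
+/*
+* Calculate the HMAC-MD5, of a key and some data (raw strings)
+*/
+function rstr_hmac_md5(key, data)
+{
+var bkey = rstr2binl(key);
+if(bkey.length > 16) bkey = binl_md5(bkey, key.length * 8);
+
+var ipad = Array(16), opad = Array(16);
+for(var i = 0; i < 16; i++)
+{
+ipad[i] = bkey[i] ^ 0x36363636;
+opad[i] = bkey[i] ^ 0x5C5C5C5C;
+}
+
+var hash = binl_md5(ipad.concat(rstr2binl(data)), 512 + data.length * 8);
+return binl2rstr(binl_md5(opad.concat(hash), 512 + 128));
+}
+
+/*
+* Convert a raw string to a hex string
+*/
+function rstr2hex(input)
+{
+var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
+var output = "";
+var x;
+for(var i = 0; i < input.length; i++)
+{
+x = input.charCodeAt(i);
+output += hex_tab.charAt((x >>> 4) & 0x0F)
++ hex_tab.charAt( x & 0x0F);
+}
+return output;
+}
+
+/*
+* Convert a raw string to a base-64 string
+*/
+function rstr2b64(input)
+{
+var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+var output = "";
+var len = input.length;
+for(var i = 0; i < len; i += 3)
+{
+var triplet = (input.charCodeAt(i) << 16)
+| (i + 1 < len ? input.charCodeAt(i+1) << 8 : 0)
+| (i + 2 < len ? input.charCodeAt(i+2) : 0);
+for(var j = 0; j < 4; j++)
+{
+if(i * 8 + j * 6 > input.length * 8) output += b64pad;
+else output += tab.charAt((triplet >>> 6*(3-j)) & 0x3F);
+}
+}
+return output;
+}
+
+/*
+* Convert a raw string to an arbitrary string encoding
+*/
+function rstr2any(input, encoding)
+{
+var divisor = encoding.length;
+var i, j, q, x, quotient;
+
+/* Convert to an array of 16-bit big-endian values, forming the dividend */
+var dividend = Array(Math.ceil(input.length / 2));
+for(i = 0; i < dividend.length; i++)
+{
+dividend[i] = (input.charCodeAt(i * 2) << 8) | input.charCodeAt(i * 2 + 1);
+}
+
+/*
+* Repeatedly perform a long division. The binary array forms the dividend,
+* the length of the encoding is the divisor. Once computed, the quotient
+* forms the dividend for the next step. All remainders are stored for later
+* use.
+*/
+var full_length = Math.ceil(input.length * 8 /
+(Math.log(encoding.length) / Math.log(2)));
+var remainders = Array(full_length);
+for(j = 0; j < full_length; j++)
+{
+quotient = Array();
+x = 0;
+for(i = 0; i < dividend.length; i++)
+{
+x = (x << 16) + dividend[i];
+q = Math.floor(x / divisor);
+x -= q * divisor;
+if(quotient.length > 0 || q > 0)
+quotient[quotient.length] = q;
+}
+remainders[j] = x;
+dividend = quotient;
+}
+
+/* Convert the remainders to the output string */
+var output = "";
+for(i = remainders.length - 1; i >= 0; i--)
+output += encoding.charAt(remainders[i]);
+
+return output;
+}
+
+/*
+* Encode a string as utf-8.
+* For efficiency, this assumes the input is valid utf-16.
+*/
+function str2rstr_utf8(input)
+{
+var output = "";
+var i = -1;
+var x, y;
+
+while(++i < input.length)
+{
+/* Decode utf-16 surrogate pairs */
+x = input.charCodeAt(i);
+y = i + 1 < input.length ? input.charCodeAt(i + 1) : 0;
+if(0xD800 <= x && x <= 0xDBFF && 0xDC00 <= y && y <= 0xDFFF)
+{
+x = 0x10000 + ((x & 0x03FF) << 10) + (y & 0x03FF);
+i++;
+}
+
+/* Encode output as utf-8 */
+if(x <= 0x7F)
+output += String.fromCharCode(x);
+else if(x <= 0x7FF)
+output += String.fromCharCode(0xC0 | ((x >>> 6 ) & 0x1F),
+0x80 | ( x & 0x3F));
+else if(x <= 0xFFFF)
+output += String.fromCharCode(0xE0 | ((x >>> 12) & 0x0F),
+0x80 | ((x >>> 6 ) & 0x3F),
+0x80 | ( x & 0x3F));
+else if(x <= 0x1FFFFF)
+output += String.fromCharCode(0xF0 | ((x >>> 18) & 0x07),
+0x80 | ((x >>> 12) & 0x3F),
+0x80 | ((x >>> 6 ) & 0x3F),
+0x80 | ( x & 0x3F));
+}
+return output;
+}
+
+/*
+* Encode a string as utf-16
+*/
+function str2rstr_utf16le(input)
+{
+var output = "";
+for(var i = 0; i < input.length; i++)
+output += String.fromCharCode( input.charCodeAt(i) & 0xFF,
+(input.charCodeAt(i) >>> 8) & 0xFF);
+return output;
+}
+
+function str2rstr_utf16be(input)
+{
+var output = "";
+for(var i = 0; i < input.length; i++)
+output += String.fromCharCode((input.charCodeAt(i) >>> 8) & 0xFF,
+input.charCodeAt(i) & 0xFF);
+return output;
+}
+
+/*
+* Convert a raw string to an array of little-endian words
+* Characters >255 have their high-byte silently ignored.
+*/
+function rstr2binl(input)
+{
+var output = Array(input.length >> 2);
+for(var i = 0; i < output.length; i++)
+output[i] = 0;
+for(var i = 0; i < input.length * 8; i += 8)
+output[i>>5] |= (input.charCodeAt(i / 8) & 0xFF) << (i%32);
+return output;
+}
+
+/*
+* Convert an array of little-endian words to a string
+*/
+function binl2rstr(input)
+{
+var output = "";
+for(var i = 0; i < input.length * 32; i += 8)
+output += String.fromCharCode((input[i>>5] >>> (i % 32)) & 0xFF);
+return output;
+}
+
+/*
+* Calculate the MD5 of an array of little-endian words, and a bit length.
+*/
+function binl_md5(x, len)
+{
+/* append padding */
+x[len >> 5] |= 0x80 << ((len) % 32);
+x[(((len + 64) >>> 9) << 4) + 14] = len;
+
+var a = 1732584193;
+var b = -271733879;
+var c = -1732584194;
+var d = 271733878;
+
+for(var i = 0; i < x.length; i += 16)
+{
+var olda = a;
+var oldb = b;
+var oldc = c;
+var oldd = d;
+
+a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936);
+d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586);
+c = md5_ff(c, d, a, b, x[i+ 2], 17, 606105819);
+b = md5_ff(b, c, d, a, x[i+ 3], 22, -1044525330);
+a = md5_ff(a, b, c, d, x[i+ 4], 7 , -176418897);
+d = md5_ff(d, a, b, c, x[i+ 5], 12, 1200080426);
+c = md5_ff(c, d, a, b, x[i+ 6], 17, -1473231341);
+b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983);
+a = md5_ff(a, b, c, d, x[i+ 8], 7 , 1770035416);
+d = md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417);
+c = md5_ff(c, d, a, b, x[i+10], 17, -42063);
+b = md5_ff(b, c, d, a, x[i+11], 22, -1990404162);
+a = md5_ff(a, b, c, d, x[i+12], 7 , 1804603682);
+d = md5_ff(d, a, b, c, x[i+13], 12, -40341101);
+c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290);
+b = md5_ff(b, c, d, a, x[i+15], 22, 1236535329);
+
+a = md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510);
+d = md5_gg(d, a, b, c, x[i+ 6], 9 , -1069501632);
+c = md5_gg(c, d, a, b, x[i+11], 14, 643717713);
+b = md5_gg(b, c, d, a, x[i+ 0], 20, -373897302);
+a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691);
+d = md5_gg(d, a, b, c, x[i+10], 9 , 38016083);
+c = md5_gg(c, d, a, b, x[i+15], 14, -660478335);
+b = md5_gg(b, c, d, a, x[i+ 4], 20, -405537848);
+a = md5_gg(a, b, c, d, x[i+ 9], 5 , 568446438);
+d = md5_gg(d, a, b, c, x[i+14], 9 , -1019803690);
+c = md5_gg(c, d, a, b, x[i+ 3], 14, -187363961);
+b = md5_gg(b, c, d, a, x[i+ 8], 20, 1163531501);
+a = md5_gg(a, b, c, d, x[i+13], 5 , -1444681467);
+d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784);
+c = md5_gg(c, d, a, b, x[i+ 7], 14, 1735328473);
+b = md5_gg(b, c, d, a, x[i+12], 20, -1926607734);
+
+a = md5_hh(a, b, c, d, x[i+ 5], 4 , -378558);
+d = md5_hh(d, a, b, c, x[i+ 8], 11, -2022574463);
+c = md5_hh(c, d, a, b, x[i+11], 16, 1839030562);
+b = md5_hh(b, c, d, a, x[i+14], 23, -35309556);
+a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060);
+d = md5_hh(d, a, b, c, x[i+ 4], 11, 1272893353);
+c = md5_hh(c, d, a, b, x[i+ 7], 16, -155497632);
+b = md5_hh(b, c, d, a, x[i+10], 23, -1094730640);
+a = md5_hh(a, b, c, d, x[i+13], 4 , 681279174);
+d = md5_hh(d, a, b, c, x[i+ 0], 11, -358537222);
+c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979);
+b = md5_hh(b, c, d, a, x[i+ 6], 23, 76029189);
+a = md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487);
+d = md5_hh(d, a, b, c, x[i+12], 11, -421815835);
+c = md5_hh(c, d, a, b, x[i+15], 16, 530742520);
+b = md5_hh(b, c, d, a, x[i+ 2], 23, -995338651);
+
+a = md5_ii(a, b, c, d, x[i+ 0], 6 , -198630844);
+d = md5_ii(d, a, b, c, x[i+ 7], 10, 1126891415);
+c = md5_ii(c, d, a, b, x[i+14], 15, -1416354905);
+b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055);
+a = md5_ii(a, b, c, d, x[i+12], 6 , 1700485571);
+d = md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606);
+c = md5_ii(c, d, a, b, x[i+10], 15, -1051523);
+b = md5_ii(b, c, d, a, x[i+ 1], 21, -2054922799);
+a = md5_ii(a, b, c, d, x[i+ 8], 6 , 1873313359);
+d = md5_ii(d, a, b, c, x[i+15], 10, -30611744);
+c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380);
+b = md5_ii(b, c, d, a, x[i+13], 21, 1309151649);
+a = md5_ii(a, b, c, d, x[i+ 4], 6 , -145523070);
+d = md5_ii(d, a, b, c, x[i+11], 10, -1120210379);
+c = md5_ii(c, d, a, b, x[i+ 2], 15, 718787259);
+b = md5_ii(b, c, d, a, x[i+ 9], 21, -343485551);
+
+a = safe_add(a, olda);
+b = safe_add(b, oldb);
+c = safe_add(c, oldc);
+d = safe_add(d, oldd);
+}
+return Array(a, b, c, d);
+}
+
+/*
+* These functions implement the four basic operations the algorithm uses.
+*/
+function md5_cmn(q, a, b, x, s, t)
+{
+return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b);
+}
+function md5_ff(a, b, c, d, x, s, t)
+{
+return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t);
+}
+function md5_gg(a, b, c, d, x, s, t)
+{
+return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t);
+}
+function md5_hh(a, b, c, d, x, s, t)
+{
+return md5_cmn(b ^ c ^ d, a, b, x, s, t);
+}
+function md5_ii(a, b, c, d, x, s, t)
+{
+return md5_cmn(c ^ (b | (~d)), a, b, x, s, t);
+}
+
+/*
+* Add integers, wrapping at 2^32. This uses 16-bit operations internally
+* to work around bugs in some JS interpreters.
+*/
+function safe_add(x, y)
+{
+var lsw = (x & 0xFFFF) + (y & 0xFFFF);
+var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
+return (msw << 16) | (lsw & 0xFFFF);
+}
+
+/*
+* Bitwise rotate a 32-bit number to the left.
+*/
+function bit_rol(num, cnt)
+{
+return (num << cnt) | (num >>> (32 - cnt));
+}
+//-->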
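Review bot: `hashLoginPassword()` sends `hex_md5(hex_md5(hex_md5(pass) + username) + challenge)`, so the inner value, presumably what the server stores per user, is all a client needs to answer any challenge. The stored hash is therefore password-equivalent, and the scheme only keeps the plaintext off the wire; it is not a substitute for serving the login form over TLS. A header comment should say so, e.g. `// CHAP hides the plaintext in transit only; the stored hash is password-equivalent - use HTTPS`. The two early `return;` statements let the form submit the plaintext password when `hex_md5` or `challenge` is undefined, so the server side (not in this file) needs to treat that as a separate, explicitly permitted path. Minor: `temp` in `getChallenge()` is an implicit global and should be declared with `var`.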
|
@@ -11,8 +11,8 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_files/def_e107_prefs.php,v $
|
||||
| $Revision: 1.10 $
|
||||
| $Date: 2008-03-17 20:48:48 $
|
||||
| $Revision: 1.11 $
|
||||
| $Date: 2008-06-13 20:20:20 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@@ -41,10 +41,12 @@ City, State, Country
|
||||
'adminstyle' => 'classis',
|
||||
'sitedisclaimer' => LAN_PREF_3,
|
||||
'newsposts' => '10',
|
||||
|
||||
'flood_protect' => '1',
|
||||
'flood_timeout' => '5',
|
||||
'flood_time' => '30',
|
||||
'flood_hits' => '100',
|
||||
|
||||
'anon_post' => '0',
|
||||
'user_reg' => '1',
|
||||
'use_coppa' => '1',
|
||||
@@ -68,8 +70,6 @@ City, State, Country
|
||||
'meta_tag' => '',
|
||||
'user_reg_veri' => '1',
|
||||
'email_notify' => '0',
|
||||
'user_tracking' => 'cookie',
|
||||
'cookie_name' => 'e107cookie',
|
||||
'resize_method' => 'gd2',
|
||||
'im_path' => '/usr/X11R6/bin/',
|
||||
'im_width' => '120',
|
||||
@@ -156,10 +156,18 @@ City, State, Country
|
||||
'comments_disabled' => '0',
|
||||
'memberlist_access' => '253',
|
||||
'check_updates' => '0',
|
||||
|
||||
'enable_rdns' => '0',
|
||||
'enable_rdns_on_ban' => '0',
|
||||
'ban_max_online_access' => '100,200',
|
||||
'ban_retrigger' => '0'
|
||||
'ban_retrigger' => '0',
|
||||
|
||||
'user_tracking' => 'cookie',
|
||||
'cookie_name' => 'e107cookie',
|
||||
'passwordEncoding' => 0, // Legacy encoding
|
||||
'allowEmailLogin' => 0, // Disabled by default
|
||||
'password_CHAP' => '0', // Disabled by default
|
||||
'predefinedLoginName' => '' // Allow user to define own login name by default
|
||||
|
||||
);
|
||||
|
||||
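Review bot: `'passwordEncoding' => 0, // Legacy encoding` makes the legacy hash format the default, and if this array seeds fresh installs as the file name suggests, new sites start on the weaker format even though they have no existing hashes to stay compatible with. Consider defaulting new installs to the salted encoding and letting the upgrade path set `0`. The new flags also mix types (`0`, `0`, `'0'`, `''`) while the rest of the array uses strings. Pick one form, e.g. `'passwordEncoding' => '0',`, so comparisons elsewhere behave the same for all of them.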
|
@@ -11,8 +11,8 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_files/shortcode/batch/signup_shortcodes.php,v $
|
||||
| $Revision: 1.10 $
|
||||
| $Date: 2008-01-15 21:57:31 $
|
||||
| $Revision: 1.11 $
|
||||
| $Date: 2008-06-13 20:20:21 $
|
||||
| $Author: e107steved $
|
||||
|
|
||||
| Mods to show extended field categories
|
||||
@@ -90,7 +90,11 @@ SC_END
|
||||
|
||||
|
||||
SC_BEGIN SIGNUP_LOGINNAME
|
||||
global $rs;
|
||||
global $rs, $pref;
|
||||
if (varsettrue($pref['predefinedLoginName']))
|
||||
{
|
||||
return LAN_SIGNUP_67;
|
||||
}
|
||||
$log_name_length = varset($pref['loginname_maxlength'],30);
|
||||
return $rs->form_text("loginname", $log_name_length+5, ($_POST['loginname'] ? $_POST['loginname'] : $loginname), $log_name_length);
|
||||
SC_END
|
||||
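Review bot: The `SIGNUP_LOGINNAME` shortcode still passes `$_POST['loginname']` straight to `$rs->form_text(...)` as the field value, so unless `form_text` escapes its value argument (not visible here) a posted quote ends up unescaped inside the `value` attribute. Escape at the point of output, e.g. `htmlspecialchars($_POST['loginname'], ENT_QUOTES)`. The fallback `$loginname` is not in the `global $rs, $pref;` list either, so as far as this hunk shows it is always undefined there. The shortcode body starts and ends inside the hunk, but the file around it does not.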
|
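--- a/e107_files/utilities/passcalc.php
+++ b/e107_files/utilities/passcalc.php
@@ -0,0 +1,126 @@
+<?php
+
+require('..\..\class2.php');
+require_once(e_HANDLER.'user_handler.php');
+$user_info = new userHandler;
+
+define('LAN_PCALC_01','E107 Password Calculation Utility');
+define('LAN_PCALC_02','Login Name');
+define('LAN_PCALC_03','Desired password');
+define('LAN_PCALC_04','Calculate');
+define('LAN_PCALC_05','Invalid login name');
+define('LAN_PCALC_06','Errors Found!!!');
+define('LAN_PCALC_07','Calculated hash:');
+define('LAN_PCALC_08','Password invalid');
+define('LAN_PCALC_09','Confirm password');
+define('LAN_PCALC_10','Passwords don\'t match!');
+define('LAN_PCALC_11', 'Password Calculation');
+
+
+$loginName = varset($_POST['calc_loginname'],'');
+
+require(HEADERF);
+$text =
+"<div style='text-align:center'>
+<form method='post' action='".e_SELF."'>
+<table style='width:95%' class='fborder'>
+<colgroup>
+<col style='width:60%' />
+<col style='width:40%' />
+</colgroup>
+
+<tr>
+<td colspan='2' class='forumheader3' style='text-align:center'>".LAN_PCALC_01."
+</td>
+</tr>
+
+<tr>
+<td class='forumheader3'>".LAN_PCALC_02."</td>
+<td class='forumheader3'>
+<input class='tbox' type='text' size='60' maxlength='100' name='calc_loginname' value='{$loginName}' />
+</td>
+</tr>
+
+<tr>
+<td class='forumheader3'>".LAN_PCALC_03."</td>
+<td class='forumheader3'>
+<input class='tbox' type='password' size='60' maxlength='100' name='calc_password' value='' />
+</td>
+</tr>
+
+<tr>
+<td class='forumheader3'>".LAN_PCALC_09."</td>
+<td class='forumheader3'>
+<input class='tbox' type='password' size='60' maxlength='100' name='calc_password1' value='' />
+</td>
+</tr>";
+
+
+$errorString = '';
+if (isset($_POST['show_password']))
+{
+if ($_POST['calc_password'] != $_POST['calc_password1'])
+{
+$errorString = LAN_PCALC_10;
+}
+
+if (!$errorString)
+{
+$loginResult = $user_info->validateField('user_loginname',$loginName,FALSE);
+$passwordResult = $user_info->validateField('user_password',trim($_POST['calc_password']),FALSE);
+
+if ($passwordResult !== TRUE)
+{
+$errorString = LAN_PCALC_08;
+}
+elseif ($loginResult === TRUE)
+{
+$passwordHash = $user_info->HashPassword($_POST['calc_password'],$loginName);
+}
+else
+{
+$errorString = LAN_PCALC_05;
+}
+}
+
+if (!$errorString)
+{
+$text .= "
+<tr>
+<td class='forumheader3'>".LAN_PCALC_07."</td>
+<td class='forumheader3'>".$passwordHash."</td>
+</tr>";
+}
+
+
+if ($errorString)
+{
+$text .= "
+<tr>
+<td class='forumheader3'>".LAN_PCALC_06."</td>
+<td class='forumheader3'>".$errorString."</td>
+</tr>";
+}
+}
+
+
+$text .= "
+<tr>
+<td class='forumheader3' colspan='3' style='text-align:center'>
+<input class='button' type='submit' name='show_password' value='".LAN_PCALC_04."' />
+</td>
+</tr>";
+
+
+
+
+$text .= "
+</table>\n
+</form>
+</div><br />";
+$ns->tablerender(LAN_PCALC_11, $text);
+
+require(FOOTERF);
+
+
+?>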
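Review bot: `$loginName` is taken straight from `$_POST['calc_loginname']` and interpolated into `value='{$loginName}'`, so a quote in the posted value breaks out of the attribute and the page reflects arbitrary markup. Escape on output with `value='".htmlspecialchars($loginName, ENT_QUOTES)."'` and keep the raw value for `HashPassword()`. Unlike passconv.php in the same commit, this page has no `check_class(e_UC_MAINADMIN)` gate, so any visitor can have the site compute hashes in its own format; add the same check right after the `require` lines. `require('..\..\class2.php')` uses backslash separators and will only resolve on Windows. The password is also validated after `trim()` but hashed untrimmed, so the two should use the same string.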
|
296
e107_files/utilities/passconv.php
Normal file
296
e107_files/utilities/passconv.php
Normal file
@@ -0,0 +1,296 @@
|
||||
<?php
|
||||
|
||||
require('..\..\class2.php');
|
||||
require_once(e_HANDLER.'user_handler.php');
|
||||
if (!check_class(e_UC_MAINADMIN))
|
||||
{
|
||||
exit;
|
||||
}
|
||||
|
||||
$user_info = new userHandler;
|
||||
|
||||
define('LAN_PCONV_01','E107 Password Conversion Utility');
|
||||
define('LAN_PCONV_02','This utility converts all the passwords in your user database to current formats');
|
||||
define('LAN_PCONV_03','Caution!!!! Back up your database first!!!!!');
|
||||
define('LAN_PCONV_04','Proceed');
|
||||
define('LAN_PCONV_05','Convert md5 passwords to salted passwords');
|
||||
define('LAN_PCONV_06','Passwords for email address login');
|
||||
define('LAN_PCONV_07','Create');
|
||||
define('LAN_PCONV_08','Delete');
|
||||
define('LAN_PCONV_09','Do nothing');
|
||||
define('LAN_PCONV_10','Back up user database');
|
||||
define('LAN_PCONV_11', 'Yes');
|
||||
define('LAN_PCONV_12', 'Have you backed up your database?');
|
||||
define('LAN_PCONV_13', 'Backing up database');
|
||||
define('LAN_PCONV_14', 'Done');
|
||||
define('LAN_PCONV_15', 'Creating email passwords');
|
||||
define('LAN_PCONV_16', 'Deleting email passwords');
|
||||
define('LAN_PCONV_17', 'Scanning database...');
|
||||
define('LAN_PCONV_18', 'Cannot open user table');
|
||||
define('LAN_PCONV_19', 'Creates a table called \'user_backup\' with the information about to be changed. If the table already exists, it is emptied first');
|
||||
define('LAN_PCONV_20', 'Error creating backup table');
|
||||
define('LAN_PCONV_21', 'Error copying to backup table');
|
||||
define('LAN_PCONV_22', 'Total --TOTAL-- users checked');
|
||||
define('LAN_PCONV_23', 'Total --TOTAL-- email passwords calculated');
|
||||
define('LAN_PCONV_24', 'Total --TOTAL-- user passwords updated');
|
||||
define('LAN_PCONV_25', 'Total --TOTAL-- users could not be updated');
|
||||
define('LAN_PCONV_26', 'Create Backup');
|
||||
define('LAN_PCONV_27', 'Restore backup');
|
||||
define('LAN_PCONV_28', 'Restoring from backup....');
|
||||
define('LAN_PCONV_29', 'Backup database table not found!');
|
||||
define('LAN_PCONV_30', 'Cannot access backup table');
|
||||
define('LAN_PCONV_31', '');
|
||||
define('LAN_PCONV_32', '');
|
||||
define('LAN_PCONV_33', '');
|
||||
define('LAN_PCONV_34', '');
|
||||
define('LAN_PCONV_35', '');
|
||||
|
||||
|
||||
function multi_radio($name, $textsVals, $currentval = '')
|
||||
{
|
||||
$ret = '';
|
||||
$gap = '';
|
||||
foreach ($textsVals as $v => $t)
|
||||
{
|
||||
$sel = ($v == $currentval) ? " checked='checked'" : "";
|
||||
$ret .= $gap."<input type='radio' name='{$name}' value='{$v}'{$sel} /> ".$t."\n";
|
||||
// $gap = " ";
|
||||
$gap = "<br />";
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
|
||||
|
||||
$recordCount = 0;
|
||||
$emailProcess = 0;
|
||||
$saltProcess = 0;
|
||||
$cantProcess = 0;
|
||||
$cookieChange = '';
|
||||
|
||||
require(HEADERF);
|
||||
$pc_db = new db;
|
||||
if (isset($_POST['GetOnWithIt']))
|
||||
{
|
||||
$doBackup = varset($_POST['doDBBackup'],0);
|
||||
$saltConvert = varset($_POST['convertToSalt'],0);
|
||||
$emailGen = varset($_POST['EmailPasswords'],0);
|
||||
if ($doBackup == 2)
|
||||
{
|
||||
$saltConvert = 0; // Don't do conversions if restoring database
|
||||
$emailGen = 0;
|
||||
}
|
||||
|
||||
$error = '';
|
||||
if ($emailGen == 1)
|
||||
{ // Scan DB for salted passwords
|
||||
}
|
||||
|
||||
|
||||
//-----------------------------------------
|
||||
// Backup user DB (selected fields)
|
||||
//-----------------------------------------
|
||||
if (!$error && ($doBackup == 1))
|
||||
{
|
||||
echo LAN_PCONV_13;
|
||||
if ($pc_db->db_Table_exists('user_backup'))
|
||||
{ // Completely delete table - avoids problems with incorrect structure
|
||||
$pc_db->db_Select_gen('DROP TABLE `#user_backup` ');
|
||||
}
|
||||
|
||||
$qry = "CREATE TABLE `#user_backup` (
|
||||
user_id int(10) unsigned NOT NULL,
|
||||
user_name varchar(100) NOT NULL default '',
|
||||
user_loginname varchar(100) NOT NULL default '',
|
||||
user_password varchar(50) NOT NULL default '',
|
||||
user_email varchar(100) NOT NULL default '',
|
||||
user_prefs text NOT NULL,
|
||||
PRIMARY KEY (user_id),
|
||||
UNIQUE KEY user_name (user_name)
|
||||
) TYPE=MyISAM;"; // If not exists, of course
|
||||
|
||||
if (!$pc_db->db_Select_gen($qry))
|
||||
{
|
||||
$error = LAN_PCONV_20;
|
||||
}
|
||||
|
||||
if (!$error)
|
||||
{
|
||||
$qry = "INSERT INTO `#user_backup` SELECT user_id, user_name, user_loginname, user_password, user_email, user_prefs FROM `#user` ";
|
||||
if ($pc_db->db_Select_gen($qry) === FALSE)
|
||||
{
|
||||
$error = LAN_PCONV_21;
|
||||
}
|
||||
}
|
||||
if (!$error) echo '...'.LAN_PCONV_14.'<br /><br />';
|
||||
}
|
||||
|
||||
|
||||
|
||||
//--------------------------------------
|
||||
// Restore from backup
|
||||
//--------------------------------------
|
||||
if (!$error && ($doBackup == 2))
|
||||
{
|
||||
echo LAN_PCONV_28;
|
||||
if (!$pc_db->db_Table_exists('user_backup'))
|
||||
{
|
||||
$error = LAN_PCONV_28;
|
||||
}
|
||||
if (!$error && $pc_db->db_Select('user_backup','*'))
|
||||
{
|
||||
while ($row = $pc_db->db_Fetch(MYSQL_ASSOC))
|
||||
{
|
||||
$uid = $row['user_id'];
|
||||
unset($row['user_id']);
|
||||
$sql->db_UpdateArray('user',$row," WHERE `user_id`={$uid}"); // Intentionally use $sql here
|
||||
if (USERID == $uid)
|
||||
{
|
||||
$cookieChange = $row['user_password'];
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$error = LAN_PCONV_30;
|
||||
}
|
||||
|
||||
if (!$error) echo '...'.LAN_PCONV_14.'<br /><br />';
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
//--------------------------------------
|
||||
// Change passwords
|
||||
//--------------------------------------
|
||||
if (!$error && $emailGen || $saltConvert)
|
||||
{ // Run through the DB doing conversions.
|
||||
echo LAN_PCONV_17;
|
||||
if ($pc_db->db_Select('user', 'user_id, user_name, user_loginname, user_password, user_email, user_prefs', '') === FALSE)
|
||||
{
|
||||
$error = LAN_PCONV_18;
|
||||
}
|
||||
if (!$error)
|
||||
{
|
||||
while ($row = $pc_db->db_Fetch())
|
||||
{ // Do conversions
|
||||
$recordCount++;
|
||||
$newData = array();
|
||||
$newPrefs = '';
|
||||
$user_prefs = unserialize($row['user_prefs']);
|
||||
if ($saltConvert)
|
||||
{
|
||||
if ($user_info->canConvert($row['user_password']))
|
||||
{
|
||||
$newData['user_password'] = $user_info->ConvertPassword($row['user_password'], $row['user_loginname']);
|
||||
$saltProcess++;
|
||||
if (USERID == $row['user_id'])
|
||||
{
|
||||
$cookieChange = $newData['user_password'];
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$cantProcess++;
|
||||
}
|
||||
}
|
||||
if (($emailGen == 1) && $user_info->canConvert($row['user_password']))
|
||||
{
|
||||
$user_prefs['email_password'] = $user_info->ConvertPassword($row['user_password'], $row['user_email']);
|
||||
$emailProcess++;
|
||||
}
|
||||
elseif ($emailGen == 2)
|
||||
{
|
||||
unset($user_prefs['email_password']);
|
||||
$emailProcess++;
|
||||
}
|
||||
if (count($user_prefs)) $newPrefs = serialize($user_prefs); else $newPrefs = '';
|
||||
if($newPrefs != $user_prefs)
|
||||
{
|
||||
$newData['user_prefs'] = $newPrefs;
|
||||
}
|
||||
|
||||
if (count($newData)) $sql->db_UpdateArray('user',$newData, " WHERE `user_id`={$row['user_id']}");
|
||||
}
|
||||
}
|
||||
echo str_replace('--TOTAL--',$recordCount, LAN_PCONV_22).'<br />';
|
||||
echo str_replace('--TOTAL--',$saltProcess, LAN_PCONV_24).'<br />';
|
||||
echo str_replace('--TOTAL--',$emailProcess, LAN_PCONV_23).'<br />';
|
||||
echo str_replace('--TOTAL--',$cantProcess, LAN_PCONV_25).'<br />';
|
||||
echo '<br />';
|
||||
}
|
||||
|
||||
if ($error)
|
||||
{
|
||||
echo '<br />'.$error.'<br /><br />';
|
||||
require_once(FOOTERF);
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
if ($cookieChange)
|
||||
{
|
||||
// echo "Cookie Updated.<br /><br />";
|
||||
$cookieval = USERID.".".md5($cookieChange); // Just changed admin password, and hence cookie
|
||||
cookie($pref['cookie_name'], $cookieval);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$text =
|
||||
"<div style='text-align:center'>
|
||||
<form method='post' action='".e_SELF."' onsubmit=\"return jsconfirm('".LAN_PCONV_12."')\">
|
||||
<table style='width:95%' class='fborder'>
|
||||
<colgroup>
|
||||
<col style='width:60%' />
|
||||
<col style='width:40%' />
|
||||
</colgroup>
|
||||
|
||||
<tr>
|
||||
<td colspan='2' class='forumheader3' style='text-align:center'>".LAN_PCONV_01."
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td colspan='2' class='forumheader3' style='text-align:center'>".LAN_PCONV_02."<br />".LAN_PCONV_03."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td class='forumheader3'>".LAN_PCONV_10."<br /><span class='smalltext'>".LAN_PCONV_19."</span></td>
|
||||
<td class='forumheader3'>".multi_radio('doDBBackup',array('0' => LAN_PCONV_09, '1' => LAN_PCONV_26, '2' => LAN_PCONV_27),'')."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td class='forumheader3'>".LAN_PCONV_05."</td>
|
||||
<td class='forumheader3'>".multi_radio('convertToSalt',array('0' => LAN_PCONV_09, '1' => LAN_PCONV_11),'')."
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td class='forumheader3'>".LAN_PCONV_06."</td>
|
||||
<td class='forumheader3'>".multi_radio('EmailPasswords',array('0' => LAN_PCONV_09, '1' => LAN_PCONV_07, '2' => LAN_PCONV_08),'')."
|
||||
</td>
|
||||
</tr>";
|
||||
|
||||
$text .= "
|
||||
<tr>
|
||||
<td class='forumheader3' colspan='3' style='text-align:center'>
|
||||
<input class='button' type='submit' name='GetOnWithIt' value='".LAN_PCONV_04."' />
|
||||
</td>
|
||||
</tr>";
|
||||
|
||||
|
||||
|
||||
|
||||
$text .= "
|
||||
</table>\n
|
||||
</form>
|
||||
</div><br />";
|
||||
$ns->tablerender(LAN_PCONV_01, $text);
|
||||
|
||||
require_once(FOOTERF);
|
||||
|
||||
|
||||
|
||||
?>
|
@@ -12,8 +12,8 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_handlers/admin_log_class.php,v $
|
||||
| $Revision: 1.10 $
|
||||
| $Date: 2008-04-07 21:35:38 $
|
||||
| $Revision: 1.11 $
|
||||
| $Date: 2008-06-13 20:20:21 $
|
||||
| $Author: e107steved $
|
||||
|
||||
To do:
|
||||
@@ -76,7 +76,7 @@ class e_admin_log {
|
||||
define('USER_AUDIT_NEW_DN',15); // User changed display name
|
||||
define('USER_AUDIT_NEW_PW',16); // User changed password
|
||||
define('USER_AUDIT_NEW_EML',17); // User changed email
|
||||
define('USER_AUDIT_PW_RES',18); // Password reset
|
||||
define('USER_AUDIT_PW_RES',18); // Password reset/resent activation email
|
||||
define('USER_AUDIT_NEW_SET',19); // User changed other settings
|
||||
define('USER_AUDIT_ADD_ADMIN',20); // User added by admin
|
||||
}
|
||||
|
@@ -12,19 +12,38 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_handlers/login.php,v $
|
||||
| $Revision: 1.17 $
|
||||
| $Date: 2008-01-22 01:41:36 $
|
||||
| $Author: e107coders $
|
||||
| $Revision: 1.18 $
|
||||
| $Date: 2008-06-13 20:20:21 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
|
||||
|
||||
if (!defined('e107_INIT')) { exit; }
|
||||
|
||||
include_lan(e_LANGUAGEDIR.e_LANGUAGE."/lan_login.php");
|
||||
error_reporting(E_ALL);
|
||||
|
||||
|
||||
require_once(e_HANDLER.'user_handler.php');
|
||||
include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_login.php');
|
||||
|
||||
define ('LOGIN_CONTINUE',1); // Not rejected (which is not exactly the same as 'accepted') by alt_auth
|
||||
define ('LOGIN_ABORT',-1); // Rejected by alt_auth
|
||||
define ('LOGIN_BAD_PW', -2); // Password wrong
|
||||
define ('LOGIN_BAD_USER', -3); // User not in DB
|
||||
define ('LOGIN_BAD_USERNAME', -4); // Username format unacceptable (e.g. too long)
|
||||
define ('LOGIN_BAD_CODE', -5); // Wrong image code entered
|
||||
define ('LOGIN_MULTIPLE', -6); // Error if multiple logins not allowed
|
||||
define ('LOGIN_NOT_ACTIVATED', -7); // User in DB, not activated
|
||||
define ('LOGIN_BLANK_FIELD', -8); // Username or password blank
|
||||
define ('LOGIN_BAD_TRIGGER', -9); // Rejected by trigger event
|
||||
define ('LOGIN_BANNED', -10); // Banned user attempting login
|
||||
define ('LOGIN_CHAP_FAIL', -11); // CHAP login failed
|
||||
|
||||
|
||||
class userlogin
|
||||
{
|
||||
function userlogin($username, $userpass, $autologin)
|
||||
function userlogin($username, $userpass, $autologin, $response = '')
|
||||
{
|
||||
/* Constructor
|
||||
# Class called when user attempts to log in
|
||||
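Review bot: `error_reporting(E_ALL);` near the top of login.php looks like a debugging leftover. It runs at file scope, so it raises the reporting level for the rest of every request that loads the login handler, not just for this file. On a site that displays errors, notices raised during authentication (an unset `$_POST` index or a missing `$_SESSION['challenge']`, for instance) would be shown to the visitor and can expose paths and internal names. I would remove the line and leave the level to the site configuration. The +/- markers are lost on this page, so I am inferring from the neighbouring added lines that it is on the new side.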
@@ -42,22 +61,19 @@ class userlogin
|
||||
|
||||
if($_E107['cli'] && ($username == ""))
|
||||
{
|
||||
return;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if($username == "" || $userpass == "")
|
||||
$fip = $e107->getip();
|
||||
if($username == "" || (($userpass == "") && ($response == '')))
|
||||
{ // Required fields blank
|
||||
define("LOGINMESSAGE", LAN_LOGIN_20."<br /><br />");
|
||||
$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_01',$username,FALSE,LOG_TO_ROLLING);
|
||||
return FALSE;
|
||||
return $this->invalidLogin($username,LOGIN_BLANK_FIELD,$fip);
|
||||
}
|
||||
|
||||
if(!is_object($sql)) { $sql = new db; }
|
||||
|
||||
$fip = $e107->getip();
|
||||
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'IP: '.$fip,FALSE,LOG_TO_ROLLING);
|
||||
$e107->check_ban("banlist_ip='{$fip}' ",FALSE); // This will exit if a ban is in force
|
||||
// if($sql -> db_Select("banlist", "*", "banlist_ip='{$fip}' ")) { exit;}
|
||||
|
||||
$autologin = intval($autologin);
|
||||
|
||||
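Review bot: The relaxed blank-field test, `if($username == "" || (($userpass == "") && ($response == '')))`, lets an empty password through whenever any `hashchallenge` value is posted, whether or not CHAP is enabled. With CHAP off, such a request is no longer rejected here as `LOGIN_BLANK_FIELD`; it goes on to the user lookup and the plaintext password check in the next hunk with an empty string. I would accept the response as a substitute only when CHAP is active, e.g. `if ($username == "" || (($userpass == "") && (($response == '') || !varsettrue($pref['password_CHAP']))))`. The constructor starts before this hunk and continues after it, so I am assuming `$pref` is already declared `global` there.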
@@ -68,224 +84,347 @@ class userlogin
|
||||
{
|
||||
require_once(e_PLUGIN."alt_auth/alt_auth_login_class.php");
|
||||
$result = new alt_login($pref['auth_method'], $username, $userpass);
|
||||
if ($result == LOGIN_ABORT)
|
||||
{ // Invalid user
|
||||
return $this->invalidLogin($username,LOGIN_ABORT,$fip);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$username = preg_replace("/\sOR\s|\=|\#/", "", $username);
|
||||
|
||||
// Check secure image
|
||||
if ($pref['logcode'] && extension_loaded("gd"))
|
||||
{
|
||||
require_once(e_HANDLER."secure_img_handler.php");
|
||||
$sec_img = new secure_image;
|
||||
if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify']))
|
||||
{ // Invalid code
|
||||
define("LOGINMESSAGE", LAN_LOGIN_23."<br /><br />");
|
||||
$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_02','',FALSE,LOG_TO_ROLLING);
|
||||
return FALSE;
|
||||
return $this->invalidLogin($username,LOGIN_BAD_CODE,$fip);
|
||||
}
|
||||
}
|
||||
$username = preg_replace("/\sOR\s|\=|\#/", "", $username);
|
||||
|
||||
// Check username general format
|
||||
if (strlen($username) > varset($pref['loginname_maxlength'],30))
|
||||
{ // Error - invalid username
|
||||
define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
|
||||
$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_08',$username,FALSE,LOG_TO_ROLLING);
|
||||
return FALSE;
|
||||
return $this->invalidLogin($username,LOGIN_BAD_USERNAME,$fip);
|
||||
}
|
||||
$ouserpass = $userpass;
|
||||
$userpass = md5($ouserpass);
|
||||
|
||||
if (!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."'"))
|
||||
$lookemail = varset($pref['allowEmailLogin'],0) && (strpos($username,'@') !== FALSE); // See if we look up against email or user name
|
||||
// Look up user in DB - even if email addresses allowed, still look up by user name as well - user could have specified email address for their login name
|
||||
if ($sql->db_Select("user", "*", "`user_loginname`= '".$tp -> toDB($username)."'".($lookemail ? " OR `user_email` = '".$tp -> toDB($username)."'" : '') ) !== 1) // Handle duplicate emails as well
|
||||
{ // Invalid user
|
||||
define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
|
||||
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".LAN_LOGIN_14." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username)."'");
|
||||
$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_04',$username,FALSE,LOG_TO_ROLLING);
|
||||
$this -> checkibr($fip);
|
||||
return FALSE;
|
||||
return $this->invalidLogin($username,LOGIN_BAD_USER,$fip);
|
||||
}
|
||||
else if(!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."' AND user_password = '{$userpass}'"))
|
||||
{ // Invalid user/password combination
|
||||
define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
|
||||
$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_03',$username,FALSE,LOG_TO_ROLLING);
|
||||
return FALSE;
|
||||
|
||||
// User is in DB here
|
||||
$lode = $sql -> db_Fetch(); // Get user info
|
||||
$lode['user_perms'] = trim($lode['user_perms']);
|
||||
$lookemail = $lookemail && ($tp -> toDB($username) == $lode['user_email']); // Know whether login name or email address used now
|
||||
if ($lookemail && varsettrue($pref['passwordEncoding']))
|
||||
{
|
||||
$tmp = unserialize($lode['user_prefs']);
|
||||
$requiredPassword = varset($tmp['email_password'],$lode['user_password']); // Use email-specific password if set. Otherwise, 'normal' one might work
|
||||
unset($tmp);
|
||||
}
|
||||
else if(!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."' AND user_password = '{$userpass}' AND user_ban!=2 "))
|
||||
{ // User not fully signed up - hasn't activated account
|
||||
define("LOGINMESSAGE", LAN_LOGIN_22."<br /><br />");
|
||||
$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_05',$username,FALSE,LOG_TO_ROLLING);
|
||||
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".LAN_LOGIN_15." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username)."'");
|
||||
$this -> checkibr($fip);
|
||||
return FALSE;
|
||||
else
|
||||
{
|
||||
$requiredPassword = $lode['user_password'];
|
||||
}
|
||||
|
||||
// Now check password
|
||||
$user_info = new UserHandler();
|
||||
if ((($pref['password_CHAP'] > 0) && ($response && isset($_SESSION['challenge'])) && ($response != $_SESSION['challenge'])) || ($pref['password_CHAP'] == 2))
|
||||
{ // Verify using CHAP
|
||||
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","CHAP login","U: {$username}, P: {$userpass}, C: {$_SESSION['challenge']} R:{$response} S: {$lode['user_password']}",FALSE,LOG_TO_ROLLING);
|
||||
if (($pass_result = $user_info->CheckCHAP($_SESSION['challenge'], $response, $username, $requiredPassword)) === PASSWORD_INVALID)
|
||||
{
|
||||
return $this->invalidLogin($username,LOGIN_CHAP_FAIL,$fip);
|
||||
}
|
||||
}
|
||||
else
|
||||
{ // Plaintext password
|
||||
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Plaintext login","U: {$username}, P: {$userpass}, C: {$_SESSION['challenge']} R:{$response} S: {$lode['user_password']}",FALSE,LOG_TO_ROLLING);
|
||||
if (($pass_result = $user_info->CheckPassword($userpass,($lookemail ? $lode['user_loginname'] : $username),$requiredPassword)) === PASSWORD_INVALID)
|
||||
{
|
||||
return $this->invalidLogin($username,LOGIN_BAD_PW,$fip);
|
||||
}
|
||||
}
|
||||
|
||||
// Check user status
|
||||
switch ($lode['user_ban'])
|
||||
{
|
||||
case USER_REGISTERED_NOT_VALIDATED : // User not fully signed up - hasn't activated account.
|
||||
return $this->invalidLogin($username,LOGIN_NOT_ACTIVATED,$fip);
|
||||
case USER_BANNED : // User banned
|
||||
return $this->invalidLogin($username,LOGIN_BANNED,$fip,$lode['user_id']);
|
||||
case USER_VALIDATED : // Valid user
|
||||
break; // Nothing to do ATM
|
||||
default : // May want to pick this up
|
||||
}
|
||||
|
||||
|
||||
// User is OK as far as core is concerned
|
||||
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'User passed basics',FALSE,LOG_TO_ROLLING);
|
||||
if ($pass_result !== PASSWORD_VALID)
|
||||
{ // May want to rewrite password using salted hash (or whatever the preferred method is) - $pass_result has the value to write
|
||||
// If login by email address also allowed, will have to write that value too
|
||||
// $sql->db_Update('user',"`user_password` = '{$pass_result}' WHERE `user_id`=".intval($lode['user_id']));
|
||||
}
|
||||
|
||||
|
||||
$userpass = ''; // Finished with any plaintext password - can get rid of it
|
||||
|
||||
|
||||
$ret = $e_event->trigger("preuserlogin", $username);
|
||||
if ($ret != '')
|
||||
{
|
||||
return $this->invalidLogin($username,LOGIN_BAD_TRIGGER,$fip,$ret);
|
||||
}
|
||||
|
||||
|
||||
// Trigger events happy as well
|
||||
$user_id = $lode['user_id'];
|
||||
$user_name = $lode['user_name'];
|
||||
$user_xup = $lode['user_xup'];
|
||||
|
||||
/* restrict more than one person logging in using same us/pw */
|
||||
if($pref['disallowMultiLogin'])
|
||||
{
|
||||
if($sql -> db_Select("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'"))
|
||||
{
|
||||
return $this->invalidLogin($username,LOGIN_MULTIPLE,$fip,$user_id);
|
||||
}
|
||||
}
|
||||
|
||||
if($user_xup)
|
||||
{
|
||||
$this->update_xup($user_id, $user_xup);
|
||||
}
|
||||
|
||||
|
||||
$cookieval = $user_id.".".md5($lode['user_password']); // (Use extra md5 on cookie value to obscure hashed value for password)
|
||||
if ($pref['user_tracking'] == "session")
|
||||
{
|
||||
$_SESSION[$pref['cookie_name']] = $cookieval;
|
||||
}
|
||||
else
|
||||
{ // User is OK as far as core is concerned
|
||||
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'User passed basics',FALSE,LOG_TO_ROLLING);
|
||||
$ret = $e_event->trigger("preuserlogin", $username);
|
||||
if ($ret!='')
|
||||
{
|
||||
define("LOGINMESSAGE", $ret."<br /><br />");
|
||||
$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_06',$username,FALSE,LOG_TO_ROLLING);
|
||||
return FALSE;
|
||||
{
|
||||
if ($autologin == 1)
|
||||
{ // Cookie valid for up to 30 days
|
||||
cookie($pref['cookie_name'], $cookieval, (time() + 3600 * 24 * 30));
|
||||
}
|
||||
else
|
||||
{ // Trigger events happy as well
|
||||
$lode = $sql -> db_Fetch(); // Get user info
|
||||
$lode['user_perms'] = trim($lode['user_perms']);
|
||||
$user_id = $lode['user_id'];
|
||||
$user_name = $lode['user_name'];
|
||||
$user_xup = $lode['user_xup'];
|
||||
{
|
||||
cookie($pref['cookie_name'], $cookieval);
|
||||
}
|
||||
}
|
||||
|
||||
/* restrict more than one person logging in using same us/pw */
|
||||
if($pref['disallowMultiLogin'])
|
||||
{
|
||||
if($sql -> db_Select("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'"))
|
||||
// User login definitely accepted here
|
||||
|
||||
|
||||
// Calculate class membership - needed for a couple of things
|
||||
// Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
|
||||
$class_list = explode(',',$lode['user_class']);
|
||||
if ($lode['user_admin'] && strlen($lode['user_perms']))
|
||||
{
|
||||
$class_list[] = e_UC_ADMIN;
|
||||
if (strpos($lode['user_perms'],'0') === 0)
|
||||
{
|
||||
$class_list[] = e_UC_MAINADMIN;
|
||||
}
|
||||
}
|
||||
$class_list[] = e_UC_MEMBER;
|
||||
$class_list[] = e_UC_PUBLIC;
|
||||
|
||||
$user_logging_opts = array_flip(explode(',',varset($pref['user_audit_opts'],'')));
|
||||
if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'],''),$class_list))
|
||||
{ // Need to note in user audit trail
|
||||
$admin_log->user_audit(USER_AUDIT_LOGIN,'', $user_id,$user_name);
|
||||
}
|
||||
|
||||
$edata_li = array("user_id" => $user_id, "user_name" => $username, 'class_list' => implode(',',$class_list), 'remember_me' => $autologin);
|
||||
$e_event->trigger("login", $edata_li);
|
||||
|
||||
if($_E107['cli'])
|
||||
{
|
||||
return $cookieval;
|
||||
}
|
||||
|
||||
$redir = e_SELF;
|
||||
if (e_QUERY) $redir .= '?'.str_replace('&','&',e_QUERY);
|
||||
if (isset($pref['frontpage_force']) && is_array($pref['frontpage_force']))
|
||||
{ // See if we're to force a page immediately following login - assumes $pref['frontpage_force'] is an ordered list of rules
|
||||
// $log_info = "New user: ".$lode['user_name']." Class: ".$lode['user_class']." Admin: ".$lode['user_admin']." Perms: ".$lode['user_perms'];
|
||||
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login Start",$log_info,FALSE,FALSE);
|
||||
foreach ($pref['frontpage_force'] as $fk=>$fp)
|
||||
{
|
||||
if (in_array($fk,$class_list))
|
||||
{ // We've found the entry of interest
|
||||
if (strlen($fp))
|
||||
{
|
||||
define("LOGINMESSAGE", LAN_LOGIN_24."<br /><br />");
|
||||
$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_07',"U: {$username} IP: {$fip}",FALSE,LOG_TO_ROLLING);
|
||||
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', '{$user_id}', '".LAN_LOGIN_16." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
|
||||
$this -> checkibr($fip);
|
||||
return FALSE;
|
||||
$redir = ((strpos($fp, 'http') === FALSE) ? e_BASE : '').$tp -> replaceConstants($fp, TRUE, FALSE);
|
||||
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Redirect active",$redir,FALSE,FALSE);
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
$cookieval = $user_id.".".md5($userpass);
|
||||
if($user_xup)
|
||||
{
|
||||
$this->update_xup($user_id, $user_xup);
|
||||
}
|
||||
|
||||
if ($pref['user_tracking'] == "session")
|
||||
{
|
||||
$_SESSION[$pref['cookie_name']] = $cookieval;
|
||||
}
|
||||
else
|
||||
{
|
||||
if ($autologin == 1)
|
||||
{ // Cookie valid for up to 30 days
|
||||
cookie($pref['cookie_name'], $cookieval, (time() + 3600 * 24 * 30));
|
||||
}
|
||||
else
|
||||
{
|
||||
cookie($pref['cookie_name'], $cookieval);
|
||||
}
|
||||
}
|
||||
|
||||
// User login definitely accepted here
|
||||
|
||||
|
||||
// Calculate class membership - needed for a couple of things
|
||||
// Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
|
||||
$class_list = explode(',',$lode['user_class']);
|
||||
if ($lode['user_admin'] && strlen($lode['user_perms']))
|
||||
{
|
||||
$class_list[] = e_UC_ADMIN;
|
||||
if (strpos($lode['user_perms'],'0') === 0)
|
||||
{
|
||||
$class_list[] = e_UC_MAINADMIN;
|
||||
}
|
||||
}
|
||||
$class_list[] = e_UC_MEMBER;
|
||||
$class_list[] = e_UC_PUBLIC;
|
||||
|
||||
$user_logging_opts = array_flip(explode(',',varset($pref['user_audit_opts'],'')));
|
||||
if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'],''),$class_list))
|
||||
{ // Need to note in user audit trail
|
||||
$admin_log->user_audit(USER_AUDIT_LOGIN,'', $user_id,$user_name);
|
||||
}
|
||||
|
||||
$edata_li = array("user_id" => $user_id, "user_name" => $username, 'class_list' => implode(',',$class_list), 'remember_me' => $autologin);
|
||||
$e_event->trigger("login", $edata_li);
|
||||
$redir = (e_QUERY ? e_SELF."?".e_QUERY : e_SELF);
|
||||
|
||||
if($_E107['cli'])
|
||||
{
|
||||
return $cookieval;
|
||||
}
|
||||
|
||||
if (isset($pref['frontpage_force']) && is_array($pref['frontpage_force']))
|
||||
{ // See if we're to force a page immediately following login - assumes $pref['frontpage_force'] is an ordered list of rules
|
||||
// $log_info = "New user: ".$lode['user_name']." Class: ".$lode['user_class']." Admin: ".$lode['user_admin']." Perms: ".$lode['user_perms'];
|
||||
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login Start",$log_info,FALSE,FALSE);
|
||||
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","New User class",implode(',',$class_list),FALSE,FALSE);
|
||||
foreach ($pref['frontpage_force'] as $fk=>$fp)
|
||||
{
|
||||
if (in_array($fk,$class_list))
|
||||
{ // We've found the entry of interest
|
||||
if (strlen($fp))
|
||||
{
|
||||
$redir = ((strpos($fp, 'http') === FALSE) ? e_BASE : '').$tp -> replaceConstants($fp, TRUE, FALSE);
|
||||
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Redirect active",$redir,FALSE,FALSE);
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
if (strstr($_SERVER['SERVER_SOFTWARE'], "Apache")) {
|
||||
header("Location: ".$redir);
|
||||
exit;
|
||||
} else {
|
||||
echo "<script type='text/javascript'>document.location.href='{$redir}'</script>\n";
|
||||
}
|
||||
}
|
||||
if (strstr($_SERVER['SERVER_SOFTWARE'], "Apache"))
|
||||
{
|
||||
header("Location: ".$redir);
|
||||
exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
echo "<script type='text/javascript'>document.location.href='{$redir}'</script>\n";
|
||||
}
|
||||
}
|
||||
|
||||
function checkibr($fip)
|
||||
|
||||
// Function called to log the reason for a failed login. Currently always returns false - could return some other value
|
||||
function invalidLogin($username,$reason, $fip = '?', $extra_text = '')
|
||||
{
|
||||
global $sql, $pref, $tp, $e107;
|
||||
if($pref['autoban'] == 1 || $pref['autoban'] == 3)
|
||||
{ // Flood + Login or Login Only.
|
||||
$fails = $sql -> db_Count("generic", "(*)", "WHERE gen_ip='{$fip}' AND gen_type='failed_login' ");
|
||||
if($fails > 10)
|
||||
{
|
||||
$e107->add_ban(4,LAN_LOGIN_18,$fip,1);
|
||||
// $sql -> db_Insert("banlist", "'$fip', '1', '".LAN_LOGIN_18."' ");
|
||||
$sql -> db_Insert("generic", "0, 'auto_banned', '".time()."', 0, '{$fip}', '{$user_id}', '".LAN_LOGIN_20.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
|
||||
|
||||
$doCheck = FALSE; // Flag set if need to ban check
|
||||
switch ($reason)
|
||||
{
|
||||
case LOGIN_ABORT : // alt_auth reject
|
||||
define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
|
||||
$this->genNote($fip,$username,'Alt_auth: '.LAN_LOGIN_14);
|
||||
$this->logNote('LAN_ROLL_LOG_04','Alt_Auth: '.$username);
|
||||
$doCheck = TRUE;
|
||||
break;
|
||||
case LOGIN_BAD_PW :
|
||||
define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
|
||||
$this->logNote('LAN_ROLL_LOG_03',$username);
|
||||
break;
|
||||
case LOGIN_CHAP_FAIL :
|
||||
define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
|
||||
$this->logNote('LAN_ROLL_LOG_03','CHAP: '.$username);
|
||||
break;
|
||||
case LOGIN_BAD_USER :
|
||||
define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
|
||||
$this->genNote($fip,$username,LAN_LOGIN_14);
|
||||
$this->logNote('LAN_ROLL_LOG_04',$username);
|
||||
$doCheck = TRUE;
|
||||
break;
|
||||
case LOGIN_BAD_USERNAME :
|
||||
define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
|
||||
$this->logNote('LAN_ROLL_LOG_08',$username);
|
||||
break;
|
||||
case LOGIN_MULTIPLE :
|
||||
define("LOGINMESSAGE", LAN_LOGIN_24."<br /><br />");
|
||||
$this->logNote('LAN_ROLL_LOG_07',"U: {$username} IP: {$fip}");
|
||||
$this->genNote($fip,$username,LAN_LOGIN_16);
|
||||
$doCheck = TRUE;
|
||||
break;
|
||||
case LOGIN_BAD_CODE :
|
||||
define("LOGINMESSAGE", LAN_LOGIN_23."<br /><br />");
|
||||
$this->logNote('LAN_ROLL_LOG_02',$username);
|
||||
break;
|
||||
case LOGIN_NOT_ACTIVATED :
|
||||
define("LOGINMESSAGE", LAN_LOGIN_22."<br /><br />");
|
||||
$this->logNote('LAN_ROLL_LOG_05',$username);
|
||||
$this->genNote($fip,$username,LAN_LOGIN_27);
|
||||
$doCheck = TRUE;
|
||||
break;
|
||||
case LOGIN_BLANK_FIELD :
|
||||
define("LOGINMESSAGE", LAN_LOGIN_20."<br /><br />");
|
||||
$this->logNote('LAN_ROLL_LOG_01',$username);
|
||||
break;
|
||||
case LOGIN_BAD_TRIGGER :
|
||||
define("LOGINMESSAGE", $extra_text."<br /><br />");
|
||||
$this->logNote('LAN_ROLL_LOG_06',$username);
|
||||
break;
|
||||
case LOGIN_BANNED :
|
||||
define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />"); // Just give 'incorrect login' message
|
||||
$this->genNote($fip,$username,LAN_LOGIN_25);
|
||||
$this->logNote('LAN_ROLL_LOG_09',$username);
|
||||
break;
|
||||
default : // Something's gone wrong!
|
||||
define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />"); // Just give 'incorrect login' message
|
||||
$this->genNote($fip,$username,LAN_LOGIN_26);
|
||||
$this->logNote('LAN_ROLL_LOG_10',$username);
|
||||
}
|
||||
|
||||
if ($doCheck)
|
||||
{ // See if ban required (formerly the checkibr() function)
|
||||
if($pref['autoban'] == 1 || $pref['autoban'] == 3)
|
||||
{ // Flood + Login or Login Only.
|
||||
$fails = $sql -> db_Count("generic", "(*)", "WHERE gen_ip='{$fip}' AND gen_type='failed_login' ");
|
||||
if($fails > 10)
|
||||
{
|
||||
$e107->add_ban(4,LAN_LOGIN_18,$fip,1);
|
||||
$sql -> db_Insert("generic", "0, 'auto_banned', '".time()."', 0, '{$fip}', '{$extra_text}', '".LAN_LOGIN_20.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
|
||||
}
|
||||
}
|
||||
}
|
||||
return FALSE; // Passed back to signal failed login
|
||||
}
|
||||
|
||||
|
||||
// Make a note of an event in the rolling log
|
||||
function logNote($title,$text)
|
||||
{
|
||||
global $admin_log;
|
||||
$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",$title,$text,FALSE,LOG_TO_ROLLING);
|
||||
}
|
||||
|
||||
|
||||
// Make a note of an event in the 'generic' table
|
||||
function genNote($fip,$username,$msg1)
|
||||
{
|
||||
global $sql, $tp;
|
||||
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".$msg1." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username)."'");
|
||||
}
|
||||
|
||||
|
||||
// This is called to update user settings from a XUP file - usually because the file name has changed.
|
||||
// $user_xup has the new file name
|
||||
function update_xup($user_id, $user_xup = "")
|
||||
{
|
||||
global $sql, $tp;
|
||||
if($user_xup)
|
||||
global $sql, $tp;
|
||||
if($user_xup)
|
||||
{
|
||||
require_once(e_HANDLER."xml_class.php");
|
||||
$xml = new xmlClass;
|
||||
if($rawData = $xml -> getRemoteFile($user_xup))
|
||||
{
|
||||
require_once(e_HANDLER."xml_class.php");
|
||||
$xml = new parseXml;
|
||||
if($rawData = $xml -> getRemoteXmlFile($user_xup))
|
||||
{
|
||||
preg_match_all("#\<meta name=\"(.*?)\" content=\"(.*?)\" \/\>#si", $rawData, $match);
|
||||
$count = 0;
|
||||
foreach($match[1] as $value)
|
||||
{
|
||||
$$value = $tp -> toDB($match[2][$count]);
|
||||
$count++;
|
||||
}
|
||||
preg_match_all("#\<meta name=\"(.*?)\" content=\"(.*?)\" \/\>#si", $rawData, $match);
|
||||
$count = 0;
|
||||
foreach($match[1] as $value)
|
||||
{
|
||||
$$value = $tp -> toDB($match[2][$count]);
|
||||
$count++;
|
||||
}
|
||||
|
||||
// List of fields in main user record, and their corresponding XUP fields
|
||||
$main_fields = array('user_realname' => 'FN',
|
||||
// List of fields in main user record, and their corresponding XUP fields
|
||||
$main_fields = array('user_realname' => 'FN',
|
||||
'user_hideemail'=>'EMAILHIDE',
|
||||
'user_signature'=>'SIG',
|
||||
'user_sess'=>'PHOTO',
|
||||
'user_image'=>'AV');
|
||||
|
||||
$new_values = array();
|
||||
foreach ($main_fields as $f => $v)
|
||||
{
|
||||
if (isset($$v) && $$v)
|
||||
{
|
||||
$new_values[$f] = $$v;
|
||||
}
|
||||
}
|
||||
$new_values = array();
|
||||
foreach ($main_fields as $f => $v)
|
||||
{
|
||||
if (isset($$v) && $$v)
|
||||
{
|
||||
$new_values[$f] = $$v;
|
||||
}
|
||||
}
|
||||
|
||||
// Use of db_updateArray() ensures only non-empty fields are changed
|
||||
$sql -> db_UpdateArray("user", $new_values, "WHERE user_id='".intval($user_id)."'");
|
||||
// Use of db_updateArray() ensures only non-empty fields are changed
|
||||
$sql -> db_UpdateArray("user", $new_values, "WHERE user_id='".intval($user_id)."'");
|
||||
// $sql -> db_Update("user", "user_realname='{$FN}', user_hideemail='{$EMAILHIDE}', user_signature='{$SIG}', user_sess='{$PHOTO}', user_image='{$AV}', user_timezone='{$TZ}' WHERE user_id='".intval($user_id)."'");
|
||||
|
||||
$ue_fields = "";
|
||||
$fields = array("URL" => "homepage",
|
||||
$ue_fields = "";
|
||||
$fields = array("URL" => "homepage",
|
||||
"ICQ" => "icq",
|
||||
"AIM" => "aim",
|
||||
"MSN" => "msn",
|
||||
@@ -293,29 +432,29 @@ class userlogin
|
||||
"GEO" => "location",
|
||||
"TZ" => 'timezone',
|
||||
"BDAY" => "birthday");
|
||||
include_once(e_HANDLER."user_extended_class.php");
|
||||
$usere = new e107_user_extended;
|
||||
$extList = $usere->user_extended_get_fieldList();
|
||||
$extName = array();
|
||||
foreach($extList as $ext)
|
||||
{
|
||||
$extName[] = $ext['user_extended_struct_name'];
|
||||
}
|
||||
foreach($fields as $keyxup => $keydb)
|
||||
{
|
||||
if (in_array($keydb, $extName))
|
||||
{
|
||||
$key = "user_".$keydb;
|
||||
$key = $tp->toDB($key);
|
||||
$val = $tp->toDB($$keyxup);
|
||||
$ue_fields .= ($ue_fields) ? ", " : "";
|
||||
$ue_fields .= $key."='".$val."'";
|
||||
}
|
||||
}
|
||||
$sql -> db_Select_gen("INSERT INTO #user_extended (user_extended_id) values ('".intval($user_id)."')");
|
||||
$sql -> db_Update("user_extended", $ue_fields." WHERE user_extended_id = '".intval($user_id)."'");
|
||||
include_once(e_HANDLER."user_extended_class.php");
|
||||
$usere = new e107_user_extended;
|
||||
$extList = $usere->user_extended_get_fieldList();
|
||||
$extName = array();
|
||||
foreach($extList as $ext)
|
||||
{
|
||||
$extName[] = $ext['user_extended_struct_name'];
|
||||
}
|
||||
foreach($fields as $keyxup => $keydb)
|
||||
{
|
||||
if (in_array($keydb, $extName))
|
||||
{
|
||||
$key = "user_".$keydb;
|
||||
$key = $tp->toDB($key);
|
||||
$val = $tp->toDB($$keyxup);
|
||||
$ue_fields .= ($ue_fields) ? ", " : "";
|
||||
$ue_fields .= $key."='".$val."'";
|
||||
}
|
||||
}
|
||||
$sql -> db_Select_gen("INSERT INTO #user_extended (user_extended_id) values ('".intval($user_id)."')");
|
||||
$sql -> db_Update("user_extended", $ue_fields." WHERE user_extended_id = '".intval($user_id)."'");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@@ -11,8 +11,8 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_handlers/user_extended_class.php,v $
|
||||
| $Revision: 1.12 $
|
||||
| $Date: 2008-05-25 15:31:58 $
|
||||
| $Revision: 1.13 $
|
||||
| $Date: 2008-06-13 20:20:21 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@@ -94,6 +94,33 @@ class e107_user_extended
|
||||
}
|
||||
|
||||
|
||||
// $val is whatever the user entered.
|
||||
// $params is the field definition
|
||||
// Return FALSE if acceptable, TRUE if fail , error message on regex fail if the message is defined
|
||||
function user_extended_validate_entry($val, $params)
|
||||
{
|
||||
global $tp;
|
||||
$parms = explode("^,^", $params['user_extended_struct_parms']);
|
||||
$requiredField = $params['user_extended_struct_required'] == 1;
|
||||
$regex = $tp->toText($parms[1]);
|
||||
$regexfail = $tp->toText($parms[2]);
|
||||
if (defined($regexfail)) { $regexfail = constant($regexfail); }
|
||||
if($val == '' && $requiredField) return TRUE;
|
||||
switch ($type)
|
||||
{
|
||||
case EUF_DATE :
|
||||
if ($requiredField && ($val == '0000-00-00')) return TRUE;
|
||||
break;
|
||||
}
|
||||
if($regex != "" && $val != "")
|
||||
{
|
||||
if(!preg_match($regex, $val)) return $regexfail ? $regexfail : TRUE;
|
||||
}
|
||||
return FALSE; // Pass by default here
|
||||
}
|
||||
|
||||
|
||||
|
||||
function user_extended_get_categories($byID = TRUE)
|
||||
{
|
||||
$ret = array();
|
||||
|
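Review bot: `switch ($type)` in user_extended_validate_entry() tests a variable the function never assigns, so the `EUF_DATE` case is compared against NULL and a required date left at '0000-00-00' is not rejected by that branch. The type presumably comes from the field definition, e.g. `$type = $params['user_extended_struct_type'];` before the switch (key name to be confirmed against the table schema). `$parms[1]` and `$parms[2]` are also read without checking that the `^,^` split produced them. The stored pattern goes to `preg_match()` unchecked, so a malformed regex makes it return FALSE, which `!preg_match(...)` reports as a validation failure for every value; a comment stating that the pattern is admin-supplied and must include its delimiters would help.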
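--- a/e107_handlers/user_handler.php
+++ b/e107_handlers/user_handler.php
@@ -0,0 +1,362 @@
+<?php
+/*
++ ----------------------------------------------------------------------------+
+| e107 website system
+|
+| <20>Steve Dunstan 2001-2002
+| http://e107.org
+| jalist@e107.org
+|
+| Released under the terms and conditions of the
+| GNU General Public License (http://gnu.org).
+|
+| $Source: /cvs_backup/e107_0.8/e107_handlers/user_handler.php,v $
+| $Revision: 1.1 $
+| $Date: 2008-06-13 20:20:21 $
+| $Author: e107steved $
++----------------------------------------------------------------------------+
+*/
+
+
+/*
+USER HANDLER CLASS - manages login and various user functions
+
+*/
+
+
+if (!defined('e107_INIT')) { exit; }
+
+
+define('USER_VALIDATED',0);
+define('USER_BANNED',1);
+define('USER_REGISTERED_NOT_VALIDATED',2);
+define('USER_EMAIL_BOUNCED', 3);
+define('USER_BOUNCED_RESET', 4);
+define('USER_TEMPORARY_ACCOUNT', 5);
+
+
+define('PASSWORD_E107_MD5',0);
+define('PASSWORD_E107_SALT',1);
+
+define('PASSWORD_E107_ID','$E$'); // E107 salted
+
+
+define('PASSWORD_INVALID', FALSE);
+define('PASSWORD_VALID',TRUE);
+define ('PASSWORD_DEFAULT_TYPE',PASSWORD_E107_MD5);
+//define ('PASSWORD_DEFAULT_TYPE',PASSWORD_E107_SALT);
+
+
+class UserHandler
+{
+var $preferred = PASSWORD_DEFAULT_TYPE; // Preferred password format
+var $passwordOpts = 0; // Copy of pref
+var $passwordEmail = FALSE; // True if can use email address to log in
+
+// Constructor
+function UserHandler()
+{
+global $pref;
+$this->passwordOpts = varset($pref['passwordEncoding'],0);
+$this->passwordEmail = varset($pref['allowEmailLogin'],FALSE);
+switch ($this->passwordOpts)
+{
+case 1 :
+case 2 :
+$this->preferred = PASSWORD_E107_SALT;
+break;
+case 0 :
+default :
+$this->preferred = PASSWORD_E107_MD5;
+$this->passwordOpts = 0; // In case it got set to some stupid value
+break;
+}
+return FALSE;
+}
+
+
+// Given plaintext password and login name, generate password string to store in DB
+function HashPassword($password, $login_name, $force='')
+{
+if ($force == '') $force = $this->preferred;
+switch ($force)
+{
+case PASSWORD_E107_MD5 :
+return md5($password);
+
+case PASSWORD_E107_SALT :
+return PASSWORD_E107_ID.md5(md5($password).$login_name);
+break;
+}
+return FALSE;
+}
+
+
+// Verify existing plaintext password against a stored hash value (which defines the encoding format and any 'salt')
+// Return PASSWORD_INVALID if invalid password
+// Return PASSWORD_VALID if valid password
+// Return a new hash to store if valid password but non-preferred encoding
+function CheckPassword($password, $login_name, $stored_hash)
+{
+if (strlen(trim($password)) == 0) return PASSWORD_INVALID;
+if (($this->passwordOpts <= 1) && (strlen($stored_hash) == 32))
+{ // Its simple md5 encoding
+if (md5($password) !== $stored_hash) return PASSWORD_INVALID;
+if ($this->preferred == PASSWORD_E107_MD5) return PASSWORD_VALID;
+return $this->HashPassword($password); // Valid password, but non-preferred encoding; return the new hash
+}
+
+// Allow the salted password even if disabled - for those that do try to go back!
+// if (($this->passwordOpts >= 1) && (strlen($stored_hash) == 35) && (substr($stored_hash,0,3) == PASSWORD_E107_ID))
+if ((strlen($stored_hash) == 35) && (substr($stored_hash,0,3) == PASSWORD_E107_ID))
+{ // Its the standard E107 salted hash
+$hash = $this->HashPassword($password, $login_name, PASSWORD_E107_SALT);
+if ($hash === FALSE) return PASSWORD_INVALID;
+return ($hash == $stored_hash) ? PASSWORD_VALID : PASSWORD_INVALID;
+}
+
+return PASSWORD_INVALID;
+}
+
+
+// Verifies a standard response to a CHAP challenge
+function CheckCHAP($challenge, $response, $login_name, $stored_hash )
+{
+if (strlen($challenge) != 40) return PASSWORD_INVALID;
+if (strlen($response) != 32) return PASSWORD_INVALID;
+$valid_ret = PASSWORD_VALID;
+if (strlen($stored_hash) == 32)
+{ // Its simple md5 password storage
+$stored_hash = PASSWORD_E107_ID.md5($stored_hash.$login_name); // Convert to the salted format always used by CHAP
+if ($this->passwordOpts != PASSWORD_E107_MD5) $valid_ret = $stored_response;
+}
+$testval = md5(substr($stored_hash,strlen(PASSWORD_E107_ID)).$challenge);
+if ($testval == $response) return $valid_ret;
+return PASSWORD_INVALID;
+}
+
+
+
+// Checks whether the user has to validate a user setting change by entering password (basically, if that field affects the
+// stored password value)
+// Returns TRUE if change required, FALSE otherwise
+function isPasswordRequired($fieldName)
+{
+if ($this->preferred == PASSWORD_E107_MD5) return FALSE;
+switch ($fieldName)
+{
+case 'user_email' :
+return $this->passwordEmail;
+case 'user_loginname' :
+return TRUE;
+}
+return FALSE;
+}
+
+
+// Checks whether the password value can be converted to the current default
+// Returns TRUE if conversion possible.
+// Returns FALSE if conversion not possible, or not needed
+function canConvert($password)
+{
+if ($this->preferred == PASSWORD_E107_MD5) return FALSE;
+if (strlen($password) == 32) return TRUE; // Can convert from md5 to salted
+return FALSE;
+}
+
+
+// Given md5-encoded password and login name, generate password string to store in DB
+function ConvertPassword($password, $login_name)
+{
+if ($this->canConvert($password) === FALSE) return $password;
+return PASSWORD_E107_ID.md5($password.$login_name);
+}
+
+
+
+// Generates a random user login name according to some pattern.
+// Checked for uniqueness.
+function generateUserLogin($pattern, $seed='')
+{
+$ul_sql = new db;
+if (strlen($pattern) < 6) $pattern = '##....';
+do
+{
+$newname = $this->generateRandomString($pattern, $seed);
+} while ($ul_sql->db_Select('user','user_id',"`user_loginname`='{$newname}'"));
+return $newname;
+}
+
+
+
+// Generates a random string - for user login name, password etc, according to some pattern.
+// Checked for uniqueness.
+// Pattern format:
+// # - an alpha character
+// . - a numeric character
+// * - an alphanumeric character
+// ^ - next character from seed
+// alphanumerics are included 'as is'
+function generateRandomString($pattern, $seed='')
+{
+if (strlen($pattern) < 6) $pattern = '##....';
+$newname = '';
+$seed_ptr = 0; // Next character of seed (if used)
+for ($i = 0; $i < strlen($pattern); $i++)
+{
+$c = $pattern[$i];
+switch ($c)
+{
+case '#' : // Alpha only (upper and lower case)
+do
+{
+$t = chr(rand(65,122));
+} while (!ctype_alpha($t));
+$newname .= $t;
+break;
+case '.' : // Numeric only
+do
+{
+$t = chr(rand(48,57));
+} while (!ctype_digit($t));
+$newname .= $t;
+break;
+case '*' : // Alphanumeric
+do
+{
+$t = chr(rand(48,122));
+} while (!ctype_alnum($t));
+$newname .= $t;
+break;
+case '^' : // Next character from seed
+if ($seed_ptr < strlen($seed))
+{
+$newname .= $seed[$seed_ptr];
+$seed_ptr++;
+}
+break;
+default :
+if (ctype_alnum($c)) $newname .= $c;
+// (else just ignore other characters in pattern)
+}
+}
+return $newname;
+}
+
+
+
+// Split up an email address to check for banned domains.
+// Return false if invalid address. Otherwise returns a set of values to check
+function make_email_query($email, $fieldname = 'banlist_ip')
+{
+global $tp;
+$tmp = strtolower($tp -> toDB(trim(substr($email, strrpos($email, "@")+1))));
+if ($tmp == '') return FALSE;
+if (strpos($tmp,'.') === FALSE) return FALSE;
+$em = array_reverse(explode('.',$tmp));
+$line = '';
+$out = array();
+foreach ($em as $e)
+{
+$line = '.'.$e.$line;
+$out[] = $fieldname."='*{$line}'";
+}
+return implode(' OR ',$out);
+}
+
+
+
+// Validate a standard user field (for length, acceptable characters etc).
+// Returns TRUE if totally acceptable
+// If $justStrip is FALSE, returns FALSE for an unacceptable value
+// If $justStrip is TRUE, usually returns a new value (based on that passed) which does validate - usually characters stripped, length trimmed etc
+// Note: will return FALSE for some input values regardless of the setting of $justStrip
+// Currently coded to always return TRUE if field name not recognised
+function validateField($fieldName,$fieldValue, $justStrip = FALSE)
+{
+global $pref;
+$newValue = $fieldValue;
+switch ($fieldName)
+{
+case 'user_loginname' :
+$newValue = trim(preg_replace('/ |\#|\=|\$/', "", strip_tags($fieldValue)));
+$newValue = substr($newValue,0,varset($pref['loginname_maxlength'],30));
+if (strlen($newValue) < 2) return FALSE; // Always an error if a short string
+break;
+case 'user_password' :
+if (strlen($fieldValue) < $pref['signup_pass_len']) return FALSE;
+break;
+}
+if ($justStrip)
+{
+return $newValue;
+}
+else
+{
+return ($newValue == $fieldValue);
+}
+}
+
+
+// Takes an array of $_POST fields whose first characters match $prefix, and passes them through the validateField routine
+// Returns three arrays - one of validated results, one of failed fields and one of errors corresponding to the failed fields
+function validatePostList($prefix = '', $doToDB = TRUE, $justStrip = FALSE)
+{
+global $tp;
+$ret = array('validate' => array(), 'failed' => array(), 'errors' => array());
+foreach ($_POST as $k => $v)
+{
+if (($prefix == '') || (strpos($k,$prefix) === 0))
+{ // Field to validate
+$result = $this->validateField($k,$v,$justStrip);
+if ($result === FALSE)
+{ // error
+$ret['failed'][$k] = $v;
+$ret['errors'][$k] = TRUE;
+}
+else
+{
+if ($doToTB) $result = $tp->toDB($result);
+$ret['validate'][$k] = $result;
+}
+}
+}
+return $ret;
+}
+
+// Takes an array of $_POST field names specified in comma-separated form in $fieldlist (blank = 'all'), and passes them through the validateField routine
+// Returns three arrays - one of validated results, one of failed fields and one of errors corresponding to the failed fields
+function validatePostFields($fieldList = '', $doToDB = TRUE, $justStrip = FALSE)
+{
+global $tp;
+$ret = array('validate' => array(), 'failed' => array(), 'errors' => array());
+if ($fieldList == '')
+{
+$fieldArray = array_keys($_POST);
+}
+else
+{
+$fieldArray = explode(',',$fieldList);
+}
+foreach ($fieldArray as $k)
+{
+$k = trim($k);
+$result = $this->validateField($k,$_POST[$k],$justStrip);
+if ($result === FALSE)
+{ // error
+$ret['failed'][$k] = $_POST[$k];
+$ret['errors'][$k] = TRUE;
+}
+else
+{
+if ($doToTB) $result = $tp->toDB($result);
+$ret['validate'][$k] = $result;
+}
+}
+return $ret;
+}
+
+
+}
+
+?>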
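Review bot: validatePostList() and validatePostFields() guard the escaping step with `$doToTB`, a variable that is never defined (the parameter is `$doToDB`), so `$tp->toDB()` is skipped and callers asking for DB-ready values get raw `$_POST` data back in `$ret['validate']`. Two similar slips affect the password paths: CheckPassword() re-hashes with `HashPassword($password)` and so salts with an empty login name, and CheckCHAP() assigns the undefined `$stored_response` to `$valid_ret`, presumably meaning the converted `$stored_hash`. Both digest comparisons use `==`, which PHP evaluates numerically for strings that look like numbers, so they should be strict. Separately, generateRandomString() relies on `rand()`, which is predictable and not suited to generated passwords, and copies `^` seed characters into the name without the `ctype_alnum()` filter applied to literal pattern characters before generateUserLogin() interpolates the result into its query. The corrected lines are below; the generator change is left as a follow-up.

```php
// … unchanged: CheckPassword() md5 branch up to the re-hash …
return $this->HashPassword($password, $login_name);   // salt with the login name so the new hash verifies at next login
// … unchanged: salted branch up to the comparison …
return ($hash === $stored_hash) ? PASSWORD_VALID : PASSWORD_INVALID;

// … unchanged: CheckCHAP() length checks and md5-to-salted conversion …
if ($this->passwordOpts != PASSWORD_E107_MD5) $valid_ret = $stored_hash;   // hand back the converted hash for storage
// … unchanged: $testval computation …
if ($testval === $response) return $valid_ret;

// … unchanged: validatePostList() and validatePostFields() loops; same one-line fix in both …
if ($doToDB) $result = $tp->toDB($result);
```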
@@ -12,8 +12,8 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_prefs.php,v $
|
||||
| $Revision: 1.11 $
|
||||
| $Date: 2008-01-13 10:51:42 $
|
||||
| $Revision: 1.12 $
|
||||
| $Date: 2008-06-13 20:20:21 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@@ -72,11 +72,11 @@ define("PRFLAN_58", "Restrict website to members only");
|
||||
define("PRFLAN_59", "ticking will restrict all areas apart from the front page and signup page to members only");
|
||||
define("PRFLAN_60", "Enable SSL");
|
||||
define("PRFLAN_61", "Only enable SSL if <b>you are sure you know what you are doing!</b>");
|
||||
define("PRFLAN_76", "Enable Image-code verification during signup.");
|
||||
define("PRFLAN_76", "Enable Image-code verification during signup");
|
||||
define("PRFLAN_77", "Admin Display Options ");
|
||||
define("PRFLAN_78", "Leave blank to disable");
|
||||
define("PRFLAN_80", "Click here to view");
|
||||
define("PRFLAN_81", "Enable Image-code verification during login.");
|
||||
define("PRFLAN_81", "Enable Image-code verification during login");
|
||||
define("PRFLAN_83", "example");
|
||||
define("PRFLAN_87", "Comments");
|
||||
define("PRFLAN_88", "Turn on nested comments");
|
||||
@@ -163,36 +163,47 @@ define("PRFLAN_31", "Email Verification");
|
||||
define("PRFLAN_152", "No Verification");
|
||||
define("PRFLAN_153", "Admin Approval");
|
||||
define("PRFLAN_154", "New user verification method <br />If 'Admin Approval' is selected, it is recommended that you enable email notification on user signup <a href='".e_ADMIN."notify.php'>here</a>.");
|
||||
|
||||
define("PRFLAN_155", "Display name and login name may be different for");
|
||||
define("PRFLAN_156", "Reset ALL Display Names");
|
||||
define("PRFLAN_157", "All Display Names have been reset to the Username");
|
||||
define("PRFLAN_158", "Display Name maximum length (5..30)");
|
||||
define("PRFLAN_159", "viewing this page with");
|
||||
|
||||
define("PRFLAN_160", "Check remote servers when validating email addresses.");
|
||||
define("PRFLAN_161", "Disable all comments on the site");
|
||||
|
||||
define("PRFLAN_162", "Site Contact Information");
|
||||
define("PRFLAN_163", "e.g. Company Name, Address, Phone, etc.");
|
||||
|
||||
define("PRFLAN_164", "Allow users to email copy of contact email to self");
|
||||
define("PRFLAN_165", "Possible opening for allowing spam, use with caution");
|
||||
define("PRFLAN_166", "Show emoticon images on comment form?");
|
||||
|
||||
define("PRFLAN_167", "Make entering an email address optional"); // subject to change.
|
||||
define("PRFLAN_168", "Site Contact Person(s)");
|
||||
define("PRFLAN_169", "If the chosen group contains more than one person, the user will be asked to select a person from the group.");
|
||||
|
||||
//define("PRFLAN_170", "Use reverse DNS to allow host banning");
|
||||
//define("PRFLAN_171", "Turning this option on will allow you to ban users by hostname, rather then just IP or email address. <br />NOTE: This may affect pageload times on some hosts");
|
||||
define("PRFLAN_172", "Login Name maximum length (10..100)");
|
||||
define("PRFLAN_173", "Check at SourceForge for E107 updates once/day");
|
||||
|
||||
define("PRFLAN_174", "Name for responses to emails from site");
|
||||
define("PRFLAN_175", "This will appear in the 'From' field of registration and other emails from this site");
|
||||
define("PRFLAN_176", "Email address for emails from site");
|
||||
define("PRFLAN_177", "Address specified for replies to emails from this site.");
|
||||
define("PRFLAN_178", "Password transmission method");
|
||||
define("PRFLAN_179", "(Only supported if using sessions for user tracking.)");
|
||||
define("PRFLAN_180", "Plaintext");
|
||||
define("PRFLAN_181", "CHAP, plaintext fallback");
|
||||
define("PRFLAN_182", "CHAP only");
|
||||
define("PRFLAN_183", " CHAP requires JS enabled in user's browser");
|
||||
define('PRFLAN_184', 'Allow login by email address');
|
||||
define('PRFLAN_185', '(as well as login name)');
|
||||
define('PRFLAN_186', 'Yes');
|
||||
define('PRFLAN_187', 'No');
|
||||
define('PRFLAN_188', 'Password encoding');
|
||||
define('PRFLAN_189', 'md5 (Legacy)');
|
||||
define('PRFLAN_190', 'Salted');
|
||||
define('PRFLAN_191', '(md5 is usually adequate for an Intranet, and often for other sites)');
|
||||
define('PRFLAN_192', 'Generate random predefined login names according to a pattern');
|
||||
define('PRFLAN_193', 'To allow users to set their own login names, leave blank');
|
||||
define('PRFLAN_194', '# - alpha<br />. - numeric<br />* - alphanumeric<br />Other chars used as entered');
|
||||
define('PRFLAN_195', '');
|
||||
|
||||
|
||||
?>
|
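Review bot: The help text added as `PRFLAN_191`, '(md5 is usually adequate for an Intranet, and often for other sites)', steers administrators toward the unsalted option of the new password-encoding setting. With unsalted MD5 identical passwords share one hash and a copied user table can be tested offline very quickly, so the hint should describe md5 as a compatibility choice and recommend the salted one. For example: `define('PRFLAN_191', '(md5 is kept for compatibility with existing accounts; salted is recommended)');`.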
@@ -4,8 +4,8 @@
|
||||
| e107 website system - Language File.
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_users.php,v $
|
||||
| $Revision: 1.9 $
|
||||
| $Date: 2008-01-01 12:38:05 $
|
||||
| $Revision: 1.10 $
|
||||
| $Date: 2008-06-13 20:20:21 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@@ -169,6 +169,12 @@ define('USRLAN_166', 'User ID --UID-- name --NAME-- approved');
|
||||
define('USRLAN_167', 'Validation email ID --ID-- resent to --NAME-- at --EMAIL--');
|
||||
define('USRLAN_168', 'Re-send --COUNT-- validation emails');
|
||||
define('USRLAN_169', 'Total --COUNT-- bounced emails deleted');
|
||||
define('USRLAN_170', 'Random user name');
|
||||
define('USRLAN_171', 'Random password');
|
||||
define('USRLAN_172', 'Password set');
|
||||
define('USRLAN_173', 'Login name set');
|
||||
define('USRLAN_174', '');
|
||||
define('USRLAN_175', '');
|
||||
|
||||
define("LAN_MAINADMIN","Main Admin");
|
||||
define("LAN_ADMIN","Admin");
|
||||
|
@@ -4,8 +4,8 @@
|
||||
| e107 website system - Language File.
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_login.php,v $
|
||||
| $Revision: 1.2 $
|
||||
| $Date: 2008-01-01 21:26:23 $
|
||||
| $Revision: 1.3 $
|
||||
| $Date: 2008-06-13 20:20:22 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@@ -33,5 +33,8 @@ define("LAN_LOGIN_21", "Incorrect login. The entered data doesn't match to a reg
|
||||
define("LAN_LOGIN_22", "You have not activated your account. You should have received an email with instructions on how to confirm your account. If not, please click <a href='".e_BASE."signup.php?resend'>here</a>.");
|
||||
define("LAN_LOGIN_23", "Incorrect code entered.");
|
||||
define("LAN_LOGIN_24", "That username/password combination is already in use.");
|
||||
define("LAN_LOGIN_25", "Banned user attempted to login");
|
||||
define("LAN_LOGIN_26", "Login fail - reason unknown");
|
||||
define('LAN_LOGIN_27', 'User attempted to log in before responding to confirmation email');
|
||||
|
||||
?>
|
@@ -4,8 +4,8 @@
|
||||
| e107 website system - Language File.
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_signup.php,v $
|
||||
| $Revision: 1.10 $
|
||||
| $Date: 2007-12-15 15:06:40 $
|
||||
| $Revision: 1.11 $
|
||||
| $Date: 2008-06-13 20:20:22 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@@ -103,7 +103,7 @@ define("LAN_SIGNUP_44", "Activation email sent to:");
|
||||
define("LAN_SIGNUP_45", "Please check your inbox.");
|
||||
define("LAN_SIGNUP_47", "Resend Activation Email");
|
||||
define("LAN_SIGNUP_48", "Username or Email");
|
||||
define("LAN_SIGNUP_49", "If you registered with the wrong email address, type a new one and your password here:");
|
||||
define("LAN_SIGNUP_49", "If you registered with the wrong email address, as well as filling in the box above, type a new email address and your password here:");
|
||||
define("LAN_SIGNUP_50", "New Email");
|
||||
define("LAN_SIGNUP_51", "Old Password");
|
||||
define("LAN_SIGNUP_52", "Incorrect Password");
|
||||
@@ -118,10 +118,10 @@ define('LAN_SIGNUP_60','Signup email resend requested');
|
||||
define('LAN_SIGNUP_61','Send succeeded');
|
||||
define('LAN_SIGNUP_62','Send failed');
|
||||
define('LAN_SIGNUP_63','Password reset email resent requested');
|
||||
define('LAN_SIGNUP_64','');
|
||||
define('LAN_SIGNUP_65','');
|
||||
define('LAN_SIGNUP_66','');
|
||||
define('LAN_SIGNUP_67','');
|
||||
define('LAN_SIGNUP_64','That doesn\'t appear to be valid user information');
|
||||
define('LAN_SIGNUP_65','You have been assigned the following login name');
|
||||
define('LAN_SIGNUP_66','Please make a note of it.');
|
||||
define('LAN_SIGNUP_67','This will be assigned by the system after signup');
|
||||
define('LAN_SIGNUP_68','');
|
||||
define('LAN_SIGNUP_69','');
|
||||
define('LAN_SIGNUP_70','');
|
||||
|
@@ -4,8 +4,8 @@
|
||||
| e107 website system - Language File.
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_usersettings.php,v $
|
||||
| $Revision: 1.12 $
|
||||
| $Date: 2008-01-15 21:57:47 $
|
||||
| $Revision: 1.13 $
|
||||
| $Date: 2008-06-13 20:20:22 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@@ -23,14 +23,9 @@ define("LAN_106", "That doesn't appear to be a valid email address");
|
||||
define("LAN_112", "Email Address: ");
|
||||
define("LAN_113", "Hide email address?: ");
|
||||
define("LAN_114", "This will prevent your email address from being displayed on site");
|
||||
//define("LAN_115", "ICQ Number: ");
|
||||
//define("LAN_116", "AIM Address: ");
|
||||
//define("LAN_117", "MSN Messenger: ");
|
||||
//define("LAN_118", "Birthday: ");
|
||||
define("LAN_119", "Location: ");
|
||||
define("LAN_120", "Signature: ");
|
||||
define("LAN_121", "Avatar: ");
|
||||
//define("LAN_122", "Timezone:");
|
||||
define("LAN_144", "Website URL: ");
|
||||
define("LAN_150", "Settings updated and saved into database.");
|
||||
define("LAN_151", "OK");
|
||||
@@ -114,6 +109,13 @@ define("LAN_USET_16", "Tick box to delete existing photo without uploading anoth
|
||||
define("LAN_USET_17", "Display name already used. Please choose another");
|
||||
define('LAN_USET_18', 'User data changed by admin: --ID--, login name: --LOGNAME--');
|
||||
define('LAN_USET_19', 'Custom Title');
|
||||
define('LAN_USET_20', '');
|
||||
define('LAN_USET_20', 'You must also change the user\'s password if you are changing their login name or email address');
|
||||
define('LAN_USET_21', 'Please validate the changes by re-entering your password: ');
|
||||
define('LAN_USET_22', 'Invalid password!');
|
||||
define('LAN_USET_23', '');
|
||||
define('LAN_USET_24', '');
|
||||
define('LAN_USET_25', '');
|
||||
|
||||
define('LAN_ENTER', 'Enter');
|
||||
|
||||
?>
|
@@ -11,9 +11,9 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_plugins/login_menu/login_menu.php,v $
|
||||
| $Revision: 1.9 $
|
||||
| $Date: 2008-03-13 19:15:56 $
|
||||
| $Author: lisa_ $
|
||||
| $Revision: 1.10 $
|
||||
| $Date: 2008-06-13 20:20:22 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
|
||||
@@ -24,7 +24,7 @@ if(defined("FPW_ACTIVE"))
|
||||
return; // prevent failed login attempts when fpw.php is loaded before this menu.
|
||||
}
|
||||
|
||||
global $eMenuActive, $e107, $tp, $use_imagecode, $ADMIN_DIRECTORY, $LOGIN_MENU_MESSAGE, $LOGIN_MENU_STATITEM, $LM_STATITEM_SEPARATOR,
|
||||
global $eMenuActive, $pref, $e107, $tp, $use_imagecode, $ADMIN_DIRECTORY, $LOGIN_MENU_MESSAGE, $LOGIN_MENU_STATITEM, $LM_STATITEM_SEPARATOR,
|
||||
$login_menu_shortcodes, $LOGIN_MENU_FORM, $LOGIN_MENU_LOGGED, $LOGIN_MENU_STATS, $LOGIN_MENU_EXTERNAL_LINK;
|
||||
$ip = $e107->getip();
|
||||
|
||||
@@ -167,8 +167,12 @@ else
|
||||
require(e_PLUGIN."login_menu/login_menu_template.php");
|
||||
}
|
||||
|
||||
$text = '<form method="post" action="'.e_SELF.(e_QUERY ? '?'.e_QUERY : '').'">';
|
||||
$text .= $tp->parseTemplate($LOGIN_MENU_FORM, true, $login_menu_shortcodes);
|
||||
$text = '<form method="post" action="'.e_SELF.(e_QUERY ? '?'.e_QUERY : '');
|
||||
if (varsettrue($pref['password_CHAP'],0))
|
||||
{
|
||||
$text .= '" onsubmit="hashLoginPassword(this)';
|
||||
}
|
||||
$text .= '">'.$tp->parseTemplate($LOGIN_MENU_FORM, true, $login_menu_shortcodes);
|
||||
$text .= '</form>';
|
||||
|
||||
if (file_exists(THEME.'images/login_menu.png')) {
|
||||
|
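Review bot: The `onsubmit="hashLoginPassword(this)"` handler is attached whenever `varsettrue($pref['password_CHAP'],0)` holds, but the hidden `hashchallenge` field it would need is emitted by LM_PASSWORD_INPUT only when `$_SESSION['challenge']` is set, and the template additionally checks `$pref['user_tracking'] == "session"`. With CHAP enabled and cookie tracking the form therefore gets the handler but no challenge field; what the script does in that case is not visible here. Using one shared condition in all three places would avoid this, e.g. `if (varsettrue($pref['password_CHAP'],0) && isset($_SESSION['challenge']))` at this site. The form `action` is also still built from `e_SELF` and `e_QUERY` without attribute escaping; if those are not sanitised where they are defined, they should be encoded for the attribute context here.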
@@ -11,9 +11,9 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_plugins/login_menu/login_menu_shortcodes.php,v $
|
||||
| $Revision: 1.5 $
|
||||
| $Date: 2008-02-06 00:23:28 $
|
||||
| $Author: secretr $
|
||||
| $Revision: 1.6 $
|
||||
| $Date: 2008-06-13 20:20:22 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
if (!defined('e107_INIT')) { exit; }
|
||||
@@ -21,11 +21,15 @@ global $tp;
|
||||
$login_menu_shortcodes = $tp -> e_sc -> parse_scbatch(__FILE__);
|
||||
/*
|
||||
SC_BEGIN LM_USERNAME_INPUT
|
||||
return "<input class='tbox login user' type='text' name='username' id='username' size='15' value='' maxlength='30' />\n";
|
||||
global $pref;
|
||||
return "<input class='tbox login user' type='text' name='username' id='username' size='15' value='' maxlength='".varset($pref['loginname_maxlength'],30)."' />\n";
|
||||
SC_END
|
||||
|
||||
SC_BEGIN LM_PASSWORD_INPUT
|
||||
return "<input class='tbox login pass' type='password' name='userpass' id='userpass' size='15' value='' maxlength='20' />\n\n";
|
||||
global $pref;
|
||||
$t_password = "<input class='tbox login pass' type='password' name='userpass' id='userpass' size='15' value='' maxlength='30' />\n";
|
||||
if (!USER && isset($_SESSION['challenge']) && varset($pref['password_CHAP'],0)) $t_password .= "<input type='hidden' name='hashchallenge' id='hashchallenge' value='{$_SESSION['challenge']}' />\n\n";
|
||||
return $t_password;
|
||||
SC_END
|
||||
|
||||
SC_BEGIN LM_IMAGECODE
|
||||
@@ -100,7 +104,7 @@ if ($pref['user_reg'])
|
||||
if(isset($pref['user_reg_veri']) && $pref['user_reg_veri'] == 1){
|
||||
if (!$pref['auth_method'] || $pref['auth_method'] == 'e107' )
|
||||
{
|
||||
return $parm == 'href' ? e_SIGNUP.'?resend' : "<a class='login_menu_link resend' id=login_menu_link_resend' href='".e_SIGNUP."?resend' title=\"".LOGIN_MENU_L40."\">".LOGIN_MENU_L40."</a>";
|
||||
return $parm == 'href' ? e_SIGNUP.'?resend' : "<a class='login_menu_link resend' id='login_menu_link_resend' href='".e_SIGNUP."?resend' title=\"".LOGIN_MENU_L40."\">".LOGIN_MENU_L40."</a>";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
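Review bot: The hidden `hashchallenge` field added to LM_PASSWORD_INPUT sends `$_SESSION['challenge']` to the browser, and the form posts the same value back with the login. The verifying code should read the challenge from the session, not from the posted field, and replace it after every attempt; otherwise a captured response stays usable for as long as the session lives. Neither step is visible in this section, so this is a check to make in the login handler, not a confirmed defect. A comment on the field such as `// posted copy is for the client-side hash only; the server verifies against $_SESSION['challenge']` would record the intent.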
@@ -11,9 +11,9 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_plugins/login_menu/login_menu_template.php,v $
|
||||
| $Revision: 1.4 $
|
||||
| $Date: 2008-02-06 00:23:28 $
|
||||
| $Author: secretr $
|
||||
| $Revision: 1.5 $
|
||||
| $Date: 2008-06-13 20:20:22 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
|
||||
@@ -56,9 +56,22 @@ if (!isset($LOGIN_MENU_FORM)){
|
||||
$sc_style['LM_IMAGECODE_BOX']['pre'] = "";
|
||||
$sc_style['LM_IMAGECODE_BOX']['post'] = "<br />";
|
||||
|
||||
$LOGIN_MENU_FORM = "
|
||||
{LM_MESSAGE}
|
||||
<div style='text-align: center'>
|
||||
$LOGIN_MENU_FORM = "{LM_MESSAGE}";
|
||||
|
||||
if ((varset($pref['password_CHAP'],0) == 2) && ($pref['user_tracking'] == "session"))
|
||||
{
|
||||
$LOGIN_MENU_FORM .= "
|
||||
<div style='text-align: center' id='nologinmenuchap'>"."Javascript must be enabled in your browser if you wish to log into this site"."
|
||||
</div>
|
||||
<div style='text-align: center; display:none' id='loginmenuchap'>";
|
||||
}
|
||||
else
|
||||
{
|
||||
$LOGIN_MENU_FORM .= "
|
||||
<div style='text-align: center'>";
|
||||
}
|
||||
|
||||
$LOGIN_MENU_FORM .= "
|
||||
".LOGIN_MENU_L1."<br />
|
||||
{LM_USERNAME_INPUT}<br />
|
||||
".LOGIN_MENU_L2."<br />
|
||||
|
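Review bot: The notice `Javascript must be enabled in your browser if you wish to log into this site` is a hard-coded English literal, while the other labels in this template come from `LOGIN_MENU_L*` language constants, so it cannot be translated; it should move to a language constant of its own. Hiding the form with `display:none` when `password_CHAP` is 2 is only a presentation measure: a client can still post `username` and `userpass` directly. The login handler is not shown in this section, so please confirm that it refuses a login without a valid challenge response in that mode. A short comment above the new `if` would help, e.g. `// CHAP mode 2: the form stays hidden unless script is available`.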
@@ -6,9 +6,9 @@
|
||||
| Released under the terms and conditions of the GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_themes/templates/header_default.php,v $
|
||||
| $Revision: 1.20 $
|
||||
| $Date: 2008-03-13 19:15:56 $
|
||||
| $Author: lisa_ $
|
||||
| $Revision: 1.21 $
|
||||
| $Date: 2008-06-13 20:20:22 $
|
||||
| $Author: e107steved $
|
||||
+-----------------------------------------------------------------------------------------------+
|
||||
*/
|
||||
|
||||
@@ -93,11 +93,16 @@ echo "<html xmlns='http://www.w3.org/1999/xhtml'".(defined("TEXTDIRECTION") ? "
|
||||
//
|
||||
|
||||
// Wysiwyg JS support on or off.
|
||||
if (varset($pref['wysiwyg'],FALSE) && check_class($pref['post_html']) && varset($e_wysiwyg) != "") {
|
||||
if (varset($pref['wysiwyg'],FALSE) && check_class($pref['post_html']) && varset($e_wysiwyg) != "")
|
||||
{
|
||||
define("e_WYSIWYG",TRUE);
|
||||
}else{
|
||||
}
|
||||
else
|
||||
{
|
||||
define("e_WYSIWYG",FALSE);
|
||||
}
|
||||
|
||||
|
||||
// Load Plugin Header Files
|
||||
if (varset($pref['e_header_list']) && is_array($pref['e_header_list']))
|
||||
{
|
||||
@@ -110,9 +115,13 @@ if (varset($pref['e_header_list']) && is_array($pref['e_header_list']))
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($theme_js_php) && $theme_js_php) {
|
||||
|
||||
if (isset($theme_js_php) && $theme_js_php)
|
||||
{
|
||||
echo "<link rel='stylesheet' href='".THEME_ABS."theme-js.php' type='text/css' />";
|
||||
} else {
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!isset($no_core_js) || !$no_core_js)
|
||||
{
|
||||
echo "<script type='text/javascript' src='".e_FILE_ABS."e_js.php'></script>\n";
|
||||
@@ -120,11 +129,12 @@ if (isset($theme_js_php) && $theme_js_php) {
|
||||
if (file_exists(THEME.'theme.js')) { echo "<script type='text/javascript' src='".THEME_ABS."theme.js'></script>\n"; }
|
||||
if (is_readable(e_FILE.'user.js') && filesize(e_FILE.'user.js')) { echo "<script type='text/javascript' src='".e_FILE_ABS."user.js'></script>\n"; }
|
||||
if (file_exists(THEME.'theme.vbs')) { echo "<script type='text/vbscript' src='".THEME_ABS."theme.vbs'></script>\n"; }
|
||||
if (filesize(e_FILE.'user.vbs')) { echo "<script type='text/vbscript' src='".e_FILE_ABS."user.vbs'></script>\n"; }
|
||||
|
||||
if (is_readable(e_FILE.'user.vbs') && filesize(e_FILE.'user.vbs')) { echo "<script type='text/vbscript' src='".e_FILE_ABS."user.vbs'></script>\n"; }
|
||||
}
|
||||
|
||||
|
||||
if (isset($eplug_js) && $eplug_js) {
|
||||
if (isset($eplug_js) && $eplug_js)
|
||||
{
|
||||
echo "\n<!-- eplug_js -->\n";
|
||||
if(is_array($eplug_js))
|
||||
{
|
||||
@@ -138,14 +148,29 @@ if (isset($eplug_js) && $eplug_js) {
|
||||
{
|
||||
echo "<script type='text/javascript' src='{$eplug_js}'></script>\n";
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if((isset($pref['enable_png_image_fix']) && $pref['enable_png_image_fix'] == true) || (isset($sleight) && $sleight == true)) {
|
||||
|
||||
if (!USER && ($pref['user_tracking'] == "session") && varset($pref['password_CHAP'],0))
|
||||
{
|
||||
if ($pref['password_CHAP'] == 2)
|
||||
{
|
||||
// *** Add in the code to swap the display tags
|
||||
$js_body_onload[] = "expandit('loginmenuchap','nologinmenuchap');";
|
||||
}
|
||||
echo "<script type='text/javascript' src='".e_FILE_ABS."chap_script.js'></script>\n";
|
||||
$js_body_onload[] = "getChallenge();";
|
||||
}
|
||||
|
||||
|
||||
if((isset($pref['enable_png_image_fix']) && $pref['enable_png_image_fix'] == true) || (isset($sleight) && $sleight == true))
|
||||
{
|
||||
echo "<script type='text/javascript' src='".e_FILE_ABS."sleight_js.php'></script>\n\n";
|
||||
}
|
||||
|
||||
if (function_exists('headerjs')){echo headerjs(); }
|
||||
if (function_exists('headerjs')) {echo headerjs(); }
|
||||
|
||||
|
||||
|
||||
//
|
||||
// E: Send CSS
|
||||
|
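Review bot: In the new CHAP block, `expandit('loginmenuchap','nologinmenuchap');` is queued in `$js_body_onload` whether or not the core script was emitted. `e_js.php` is only output when `$theme_js_php` is not set and `$no_core_js` is not set. If `expandit` is defined in that file (it is not visible here, so this is an assumption), a theme that sets either variable would leave the login form hidden for every guest when `password_CHAP` is 2. Either guard the call or document the dependency next to it, for example `// needs expandit() from e_js.php - see $no_core_js / $theme_js_php`.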
@@ -1,5 +1,5 @@
|
||||
<?php
|
||||
// $Id: login_template.php,v 1.4 2007-12-06 21:35:55 e107steved Exp $
|
||||
// $Id: login_template.php,v 1.5 2008-06-13 20:20:23 e107steved Exp $
|
||||
|
||||
if (!defined('e107_INIT')) { exit; }
|
||||
|
||||
@@ -16,13 +16,44 @@ if(!isset($LOGIN_TABLE_HEADER))
|
||||
if(!isset($LOGIN_TABLE))
|
||||
{
|
||||
$LOGIN_TABLE = "";
|
||||
if($LOGIN_TABLE_LOGINMESSAGE != ""){
|
||||
if($LOGIN_TABLE_LOGINMESSAGE != "")
|
||||
{
|
||||
$LOGIN_TABLE .= "<div style='text-align:center'>{LOGIN_TABLE_LOGINMESSAGE}</div>";
|
||||
}
|
||||
|
||||
if (($pref['user_tracking'] == "session") && varset($pref['password_CHAP'],0))
|
||||
{
|
||||
if ($pref['password_CHAP'] == 2)
|
||||
{
|
||||
$LOGIN_TABLE .= "
|
||||
<div style='text-align:center'>
|
||||
".$rs -> form_open("post", e_SELF)."<table class='fborder' style='width:60%' >\n<tr>\n<td class='forumheader' style='text-align:center;' colspan='3'>".LAN_LOGIN_4."</td>\n</tr>\n<tr>\n<td class='forumheader3' width='40%'>".LAN_LOGIN_1."</td>\n<td class='forumheader3' width='40%'>{LOGIN_TABLE_USERNAME}</td>\n<td class='forumheader3' width='20%' rowspan='".($LOGIN_TABLE_SECIMG_SECIMG ? 3 : 2)."' style='vertical-align: middle; margin-left: auto; margin-right: auto; text-align: center;'>".(file_exists(THEME."images/password.png") ? "<img src='".THEME_ABS."images/password.png' alt='' />\n" : "<img src='".e_IMAGE."packs/".$imode."/generic/password.png' alt='' />\n" )."</td>\n</tr>\n<tr>\n<td class='forumheader3'>".LAN_LOGIN_2."</td>\n<td class='forumheader3'>{LOGIN_TABLE_PASSWORD}</td>\n</tr>\n";
|
||||
if($LOGIN_TABLE_SECIMG_SECIMG){
|
||||
<div style='text-align: center' id='nologinmenuchap'>"."Javascript must be enabled in your browser if you wish to log into this site"."
|
||||
</div>
|
||||
<div style='text-align: center; display:none' id='loginmenuchap'>";
|
||||
}
|
||||
else
|
||||
{
|
||||
$LOGIN_TABLE .= "<div style='text-align:center'>";
|
||||
}
|
||||
$LOGIN_TABLE .= $rs -> form_open("post", e_SELF,'','','',' onsubmit="hashLoginPassword(this)"');
|
||||
}
|
||||
else
|
||||
{
|
||||
$LOGIN_TABLE .= "<div style='text-align:center'>".$rs -> form_open("post", e_SELF);
|
||||
}
|
||||
|
||||
$LOGIN_TABLE .=
|
||||
"<table class='fborder' style='width:60%' >\n
|
||||
<tr>\n
|
||||
<td class='forumheader' style='text-align:center;' colspan='3'>".LAN_LOGIN_4."</td>\n
|
||||
</tr>\n
|
||||
<tr>\n
|
||||
<td class='forumheader3' style='width:40%'>".LAN_LOGIN_1."</td>\n
|
||||
<td class='forumheader3' style='width:40%'>{LOGIN_TABLE_USERNAME}</td>\n
|
||||
<td class='forumheader3' rowspan='".($LOGIN_TABLE_SECIMG_SECIMG ? 3 : 2)."' style='width:20%; vertical-align: middle; margin-left: auto; margin-right: auto; text-align: center;'>".(file_exists(THEME."images/password.png") ? "<img src='".THEME_ABS."images/password.png' alt='' />\n" : "<img src='".e_IMAGE."packs/".$imode."/generic/password.png' alt='' />\n" )."</td>\n</tr>\n
|
||||
<tr>\n<td class='forumheader3'>".LAN_LOGIN_2."</td>\n<td class='forumheader3'>{LOGIN_TABLE_PASSWORD}
|
||||
</td>\n</tr>\n";
|
||||
if($LOGIN_TABLE_SECIMG_SECIMG)
|
||||
{
|
||||
$LOGIN_TABLE .= "<tr><td class='forumheader3'>{LOGIN_TABLE_SECIMG_LAN}</td>\n<td class='forumheader3'>{LOGIN_TABLE_SECIMG_HIDDEN} {LOGIN_TABLE_SECIMG_SECIMG} {LOGIN_TABLE_SECIMG_TEXTBOC}</td>\n</tr>\n";
|
||||
}
|
||||
|
||||
|
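Review bot: The two wrappers added for CHAP mode 2 reuse the ids `nologinmenuchap` and `loginmenuchap`, which are the ids the login menu template also uses. A page that renders both the menu and this table would then carry duplicate ids, and the onload swap would most likely act on only one pair. Giving this template its own ids avoids that, though the onload call would have to name them too. The "Javascript must be enabled…" text is again a literal rather than a language constant. When `password_CHAP` is 1, a browser without script submits the form unchanged, so the handler (outside this section) must cope with both a hashed and a plain `userpass`.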
41
fpw.php
41
fpw.php
@@ -11,31 +11,34 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/fpw.php,v $
|
||||
| $Revision: 1.5 $
|
||||
| $Date: 2008-02-18 02:12:06 $
|
||||
| $Author: mcfly_e107 $
|
||||
| $Revision: 1.6 $
|
||||
| $Date: 2008-06-13 20:20:20 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
require_once("class2.php");
|
||||
|
||||
if(USER){
|
||||
if(USER)
|
||||
{
|
||||
header("location:".e_BASE."index.php");
|
||||
exit;
|
||||
}
|
||||
|
||||
if($pref['fpwcode'] && extension_loaded("gd")){
|
||||
if($pref['fpwcode'] && extension_loaded("gd"))
|
||||
{
|
||||
define("USE_IMAGECODE",TRUE);
|
||||
}else{
|
||||
require_once(e_HANDLER."secure_img_handler.php");
|
||||
$sec_img = new secure_image;
|
||||
}
|
||||
else
|
||||
{
|
||||
define("USE_IMAGECODE",FALSE);
|
||||
}
|
||||
|
||||
|
||||
if (USE_IMAGECODE) {
|
||||
require_once(e_HANDLER."secure_img_handler.php");
|
||||
$sec_img = new secure_image;
|
||||
}
|
||||
|
||||
if ($pref['membersonly_enabled']) {
|
||||
if ($pref['membersonly_enabled'])
|
||||
{
|
||||
if (!$FPW_TABLE_HEADER) {
|
||||
if (file_exists(THEME."fpw_template.php")) {
|
||||
require_once(THEME."fpw_template.php");
|
||||
@@ -47,6 +50,9 @@ if ($pref['membersonly_enabled']) {
|
||||
$FOOTER = preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE_FOOTER);
|
||||
}
|
||||
|
||||
require_once(e_HANDLER.'user_handler.php');
|
||||
$user_info = new UserHandler;
|
||||
|
||||
require_once(HEADERF);
|
||||
|
||||
function fpw_error($txt)
|
||||
@@ -77,7 +83,9 @@ if (e_QUERY)
|
||||
for($a = 0; $a <= $pwlen; $a++) {
|
||||
$newpw .= chr(rand(97, 122));
|
||||
}
|
||||
$mdnewpw = md5($newpw);
|
||||
list($username, $md5) = explode($fpw_sep, $tmp_info);
|
||||
// $mdnewpw = md5($newpw);
|
||||
$mdnewpw = $user_info->HashPassword($newpw,$username);
|
||||
|
||||
// Details for admin log
|
||||
$do_log['password_action'] = LAN_FPW21;
|
||||
@@ -86,8 +94,7 @@ if (e_QUERY)
|
||||
$do_log['user_password'] = $mdnewpw;
|
||||
$admin_log->user_audit(USER_AUDIT_PW_RES,$do_log,0,$do_log['user_name']);
|
||||
|
||||
list($username, $md5) = explode($fpw_sep, $tmp_info);
|
||||
$sql->db_Update("user", "user_password='{$mdnewpw}', user_viewed='' WHERE user_name='".$tp -> toDB($username, true)."' ");
|
||||
$sql->db_Update("user", "user_password='{$mdnewpw}', user_viewed='' WHERE user_loginname='".$tp -> toDB($username, true)."' ");
|
||||
cookie($pref['cookie_name'], "", (time()-2592000));
|
||||
$_SESSION[$pref['cookie_name']] = "";
|
||||
|
||||
@@ -99,7 +106,9 @@ if (e_QUERY)
|
||||
<br /><br />".LAN_FPW10." <a href='".e_LOGIN."'>".LAN_FPW11."</a> ".LAN_FPW12."</div>";
|
||||
fpw_error($txt);
|
||||
|
||||
} else {
|
||||
}
|
||||
else
|
||||
{
|
||||
fpw_error(LAN_FPW7);
|
||||
}
|
||||
}
|
||||
@@ -155,7 +164,7 @@ if (isset($_POST['pwsubmit']))
|
||||
|
||||
$deltime = time()+86400 * 2;
|
||||
//Set timestamp two days ahead so it doesn't get auto-deleted
|
||||
$sql->db_Insert("tmp", "'pwreset',{$deltime},'{$user_name}{$fpw_sep}{$rcode}'");
|
||||
$sql->db_Insert("tmp", "'pwreset',{$deltime},'{$row['user_loginname']}{$fpw_sep}{$rcode}'");
|
||||
|
||||
$do_log['password_action'] = LAN_FPW18;
|
||||
$do_log['user_id'] = $row['user_id'];
|
||||
|
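Review bot: The new insert `'{$row['user_loginname']}{$fpw_sep}{$rcode}'` places a value read back from the user table straight into the SQL string, whereas the `db_Update` in this file passes the login name through `$tp -> toDB($username, true)`. Unless login names are guaranteed never to contain a quote character, the value should be escaped before it goes into the `tmp` insert. Separately, the reset password passed to the new `HashPassword($newpw,$username)` call is still built from `chr(rand(97, 122))`, lowercase letters from a non-cryptographic generator. The resulting hash is also still copied into `$do_log['user_password']` for the audit log. Both are worth tightening while this code is being touched; the enclosing `if (e_QUERY)` and `if (isset($_POST['pwsubmit']))` blocks extend beyond the hunks shown.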
18
login.php
18
login.php
@@ -11,8 +11,8 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/login.php,v $
|
||||
| $Revision: 1.3 $
|
||||
| $Date: 2007-03-05 21:35:12 $
|
||||
| $Revision: 1.4 $
|
||||
| $Date: 2008-06-13 20:20:20 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@@ -21,19 +21,25 @@ require_once("class2.php");
|
||||
$HEADER = "";
|
||||
require_once(HEADERF);
|
||||
$use_imagecode = ($pref['logcode'] && extension_loaded("gd"));
|
||||
if ($use_imagecode) {
|
||||
if ($use_imagecode)
|
||||
{
|
||||
require_once(e_HANDLER."secure_img_handler.php");
|
||||
$sec_img = new secure_image;
|
||||
}
|
||||
|
||||
if (!USER) {
|
||||
if (!USER)
|
||||
{
|
||||
require_once(e_HANDLER."form_handler.php");
|
||||
$rs = new form;
|
||||
$text = "";
|
||||
|
||||
$LOGIN_TABLE_LOGINMESSAGE = LOGINMESSAGE;
|
||||
$LOGIN_TABLE_USERNAME = "<input class='tbox' type='text' name='username' size='40' maxlength='100' />";
|
||||
$LOGIN_TABLE_PASSWORD = "<input class='tbox' type='password' name='userpass' size='40' maxlength='100' />";
|
||||
$LOGIN_TABLE_USERNAME = "<input class='tbox' type='text' name='username' id='username' size='40' maxlength='100' />";
|
||||
$LOGIN_TABLE_PASSWORD = "<input class='tbox' type='password' name='userpass' id='userpass' size='40' maxlength='100' />";
|
||||
if (!USER && isset($_SESSION['challenge']) && varset($pref['password_CHAP'],0))
|
||||
{
|
||||
$LOGIN_TABLE_PASSWORD .= "<input type='hidden' name='hashchallenge' id='hashchallenge' value='{$_SESSION['challenge']}' />\n\n";
|
||||
}
|
||||
if ($use_imagecode)
|
||||
{
|
||||
$LOGIN_TABLE_SECIMG_LAN = LAN_LOGIN_13;
|
||||
|
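Review bot: The hidden `hashchallenge` field publishes `$_SESSION['challenge']` to the page, and nothing in this section replaces that value once it has been used. If the challenge lives as long as the session, a captured login response stays valid for that whole session, so the handler should issue a fresh challenge after every login attempt; please confirm that it does. The `!USER` test in the new condition is redundant because the code already sits inside `if (!USER)`; `if (isset($_SESSION['challenge']) && varset($pref['password_CHAP'],0))` is enough. The `if (!USER)` block continues past the end of the hunk.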
123
signup.php
123
signup.php
@@ -11,15 +11,16 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/signup.php,v $
|
||||
| $Revision: 1.17 $
|
||||
| $Date: 2008-03-23 21:43:47 $
|
||||
| $Revision: 1.18 $
|
||||
| $Date: 2008-06-13 20:20:20 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
|
||||
require_once("class2.php");
|
||||
$qs = explode(".", e_QUERY);
|
||||
if($qs[0] != "activate"){ // multi-language fix.
|
||||
if($qs[0] != "activate")
|
||||
{ // multi-language fix.
|
||||
e107_include_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_signup.php");
|
||||
e107_include_once(e_LANGUAGEDIR."English/lan_signup.php");
|
||||
e107_include_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_usersettings.php");
|
||||
@@ -35,16 +36,22 @@ include_once(e_HANDLER."user_extended_class.php");
|
||||
$usere = new e107_user_extended;
|
||||
require_once(e_HANDLER."calendar/calendar_class.php");
|
||||
$cal = new DHTML_Calendar(true);
|
||||
require_once(e_HANDLER.'user_handler.php');
|
||||
$user_info = new UserHandler;
|
||||
|
||||
if (is_readable(THEME."signup_template.php")) {
|
||||
if (is_readable(THEME."signup_template.php"))
|
||||
{
|
||||
require_once(THEME."signup_template.php");
|
||||
} else {
|
||||
}
|
||||
else
|
||||
{
|
||||
require_once(e_THEME."templates/signup_template.php");
|
||||
}
|
||||
|
||||
include_once(e_FILE."shortcode/batch/signup_shortcodes.php");
|
||||
|
||||
$signup_imagecode = ($pref['signcode'] && extension_loaded("gd"));
|
||||
$text = '';
|
||||
|
||||
|
||||
//-------------------------------
|
||||
@@ -67,36 +74,47 @@ if(e_QUERY == "resend" && !USER && ($pref['user_reg_veri'] == 1))
|
||||
}
|
||||
|
||||
if($_POST['submit_resend'])
|
||||
{
|
||||
{ // Action user's submitted information
|
||||
// 'resend_email' - user name or email address actually used to sign up
|
||||
// 'resend_newemail' - corrected email address
|
||||
// 'resend_password' - password (required if changing email address)
|
||||
|
||||
if($_POST['resend_email'] && !$new_email && $sql->db_Select_gen("SELECT * FROM #user WHERE user_ban=0 AND user_sess='' AND (user_loginname= \"".$tp->toDB($_POST['resend_email'])."\" OR user_name = \"".$tp->toDB($_POST['resend_email'])."\" OR user_email = \"".$clean_email."\" ) "))
|
||||
{
|
||||
{ // Account already activated
|
||||
$ns -> tablerender(LAN_SIGNUP_40,LAN_SIGNUP_41."<br />");
|
||||
require_once(FOOTERF);
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
// Start by looking up the user
|
||||
if(!$sql->db_Select("user", "*", "(user_loginname = \"".$tp->toDB($_POST['resend_email'])."\" OR user_name = \"".$tp->toDB($_POST['resend_email'])."\" OR user_email = \"".$clean_email."\" ) AND user_ban=".USER_REGISTERED_NOT_VALIDATED." AND user_sess !='' LIMIT 1"))
|
||||
{
|
||||
require_once(e_HANDLER."message_handler.php");
|
||||
message_handler("ALERT",LAN_SIGNUP_64); // email (or other info) not valid.
|
||||
exit;
|
||||
}
|
||||
$row = $sql -> db_Fetch();
|
||||
// We should have a user record here
|
||||
|
||||
if(trim($_POST['resend_password']) !="" && $new_email)
|
||||
{ // Need to change the email address - check password to make sure
|
||||
if ($user_info->CheckPassword($_POST['resend_password'], $row['user_loginname'], $row['user_password']) === TRUE)
|
||||
{
|
||||
if($sql->db_Select("user", "user_id", "user_password = \"".md5($_POST['resend_password'])."\" AND user_ban=2 AND user_sess !='' LIMIT 1"))
|
||||
{
|
||||
$row = $sql -> db_Fetch();
|
||||
if($sql->db_Update("user", "user_email='".$new_email."' WHERE user_id = '".$row['user_id']."' LIMIT 1 "))
|
||||
{
|
||||
$clean_email = $new_email;
|
||||
$row['user_email'] = $new_email;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
require_once(e_HANDLER."message_handler.php");
|
||||
message_handler("ALERT",LAN_SIGNUP_52); // Incorrect Password.
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if($sql->db_Select("user", "*", "(user_loginname = \"".$tp->toDB($_POST['resend_email'])."\" OR user_name = \"".$tp->toDB($_POST['resend_email'])."\" OR user_email = \"".$clean_email."\" ) AND user_ban=2 AND user_sess !='' LIMIT 1"))
|
||||
{
|
||||
$row = $sql -> db_Fetch();
|
||||
|
||||
// Now send the email - got some valid info
|
||||
$_POST['password1'] = "xxxxxxxxx";
|
||||
$_POST['loginname'] = $row['user_loginname'];
|
||||
$_POST['name'] = $row['user_name'];
|
||||
@@ -124,14 +142,8 @@ if(e_QUERY == "resend" && !USER && ($pref['user_reg_veri'] == 1))
|
||||
require_once(FOOTERF);
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once(e_HANDLER."message_handler.php");
|
||||
message_handler("ALERT",LAN_106); // email not valid.
|
||||
exit;
|
||||
}
|
||||
elseif(!$_POST['submit_resend'])
|
||||
{
|
||||
|
||||
{ // Display form to get info from user
|
||||
$text .= "<div style='text-align:center'>
|
||||
<form method='post' action='".e_SELF."?resend' name='resend_form'>
|
||||
<table style='".USER_WIDTH."' class='fborder'>
|
||||
@@ -171,7 +183,6 @@ if(e_QUERY == "resend" && !USER && ($pref['user_reg_veri'] == 1))
|
||||
require_once(FOOTERF);
|
||||
exit;
|
||||
}
|
||||
|
||||
exit;
|
||||
}
|
||||
|
||||
@@ -402,6 +413,11 @@ if (isset($_POST['register']))
|
||||
if($_POST['password1xup']) $_POST['password1'] = $_POST['password1xup'];
|
||||
if($_POST['password2xup']) $_POST['password2'] = $_POST['password2xup'];
|
||||
|
||||
if (varsettrue($pref['predefinedLoginName']))
|
||||
{
|
||||
$_POST['loginname'] = $user_info->generateUserLogin($pref['predefinedLoginName']);
|
||||
// if (empty($username)) $username = $loginname;
|
||||
}
|
||||
// Strip most invalid characters now
|
||||
$temp_name = trim(preg_replace('/ |\#|\=|\$/', "", strip_tags($_POST['loginname'])));
|
||||
if ($temp_name != $_POST['loginname'])
|
||||
@@ -409,7 +425,6 @@ if (isset($_POST['register']))
|
||||
$error_message .= LAN_409."\\n";
|
||||
$error = TRUE;
|
||||
}
|
||||
$_POST['loginname'] = $temp_name;
|
||||
|
||||
if (strcasecmp($_POST['loginname'],"Anonymous") == 0)
|
||||
{
|
||||
@@ -418,8 +433,8 @@ if (isset($_POST['register']))
|
||||
}
|
||||
|
||||
|
||||
// Use LoginName for DisplayName if restricted **** MOVED FORWARD ****
|
||||
if (!check_class($pref['displayname_class']))
|
||||
// Use LoginName for DisplayName if restricted
|
||||
if (!check_class($pref['displayname_class'],e_UC_PUBLIC.','.e_UC_MEMBER))
|
||||
{
|
||||
$_POST['name'] = $_POST['loginname'];
|
||||
}
|
||||
@@ -518,7 +533,7 @@ global $db_debug;
|
||||
|
||||
|
||||
// Password length check.
|
||||
if (trim(strlen($_POST['password1'])) < $pref['signup_pass_len'])
|
||||
if (strlen(trim($_POST['password1'])) < $pref['signup_pass_len'])
|
||||
{
|
||||
$error_message .= LAN_SIGNUP_4.$pref['signup_pass_len'].LAN_SIGNUP_5."\\n";
|
||||
$error = TRUE;
|
||||
@@ -628,7 +643,7 @@ global $db_debug;
|
||||
if(isset($_POST['ue']['user_'.$ext['user_extended_struct_name']]))
|
||||
{
|
||||
$newval = trim($_POST['ue']['user_'.$ext['user_extended_struct_name']]);
|
||||
if($ext['user_extended_struct_required'] == 1 && $newval == "" )
|
||||
if($ext['user_extended_struct_required'] == 1 && (($newval == "") || (($ext['user_extended_struct_type'] == 7) && ($newval == '0000-00-00')) ))
|
||||
{
|
||||
$_ftext = (defined($ext['user_extended_struct_text']) ? constant($ext['user_extended_struct_text']) : $ext['user_extended_struct_text']);
|
||||
$error_message .= LAN_SIGNUP_6.$_ftext.LAN_SIGNUP_7."\\n";
|
||||
@@ -674,7 +689,7 @@ global $db_debug;
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($_POST['email'] && $sql->db_Select("user", "*", "user_email='".$_POST['email']."' AND user_ban='1'"))
|
||||
if ($_POST['email'] && $sql->db_Select("user", "*", "user_email='".$_POST['email']."' AND user_ban='".USER_BANNED."'"))
|
||||
{
|
||||
exit;
|
||||
}
|
||||
@@ -693,12 +708,9 @@ global $db_debug;
|
||||
$ue_fields .= $key."='".$val."'";
|
||||
}
|
||||
|
||||
$u_key = md5(uniqid(rand(), 1));
|
||||
$u_key = md5(uniqid(rand(), 1)); // Key for signup completion
|
||||
// ************* Possible class insert
|
||||
|
||||
require_once(e_HANDLER.'password_handler.php');
|
||||
$passhandler = new PasswordHandler();
|
||||
|
||||
// Following array will be logged to both admin log and user's entry
|
||||
$signup_data = array(
|
||||
'user_name' => $username,
|
||||
@@ -708,20 +720,23 @@ global $db_debug;
|
||||
|
||||
// Following array is logged to user's entry only
|
||||
$new_data = array(
|
||||
'user_password' => $sql->escape($passhandler->HashPassword($_POST['password1']), FALSE),
|
||||
'user_password' => $sql->escape($user_info->HashPassword($_POST['password1'], $loginname), FALSE),
|
||||
'user_sess' => $u_key,
|
||||
'user_signature' => $tp -> toDB($_POST['signature']),
|
||||
'user_image' => $tp -> toDB($_POST['image']),
|
||||
'user_hideemail' => $tp -> toDB($_POST['hideemail']),
|
||||
'user_join' => time(),
|
||||
'user_currentvisit' => time(),
|
||||
'user_ban' => 2,
|
||||
'user_ban' => USER_REGISTERED_NOT_VALIDATED,
|
||||
'user_login' => $tp -> toDB($_POST['realname']),
|
||||
'user_xup' => $tp -> toDB($_POST['xupexist'])
|
||||
);
|
||||
if (varsettrue($pref['allowEmailLogin']))
|
||||
{ // Need to create separate password for email login
|
||||
$new_data['user_prefs'] = serialize(array('email_password' => $user_info->HashPassword($_POST['password1'], $new_data['user_email'])));
|
||||
}
|
||||
|
||||
$nid = $sql->db_Insert("user", array_merge($signup_data,$new_data));
|
||||
// $nid = $sql->db_Insert("user", "0, '{$username}', '{$loginname}', '', '".md5($_POST['password1'])."', '{$u_key}', '".$tp -> toDB($_POST['email'])."', '".$tp -> toDB($_POST['signature'])."', '".$tp -> toDB($_POST['image'])."', '".$tp -> toDB($_POST['hideemail'])."', '".$time."', '0', '".$time."', '0', '0', '0', '0', '".$ip."', '2', '0', '', '', '0', '0', '".$tp -> toDB($_POST['realname'])."', '', '', '', '0', '".$tp -> toDB($_POST['xupexist'])."' ");
|
||||
|
||||
// Log to user audit log if enabled
|
||||
$signup_data['user_id'] = $nid;
|
||||
@@ -738,6 +753,13 @@ global $db_debug;
|
||||
}
|
||||
|
||||
|
||||
$adviseLoginName = '';
|
||||
if (varsettrue($pref['predefinedLoginName']))
|
||||
{
|
||||
$adviseLoginName = LAN_SIGNUP_65.': '.$loginname.'<br />'.LAN_SIGNUP_66.'<br />';
|
||||
}
|
||||
|
||||
|
||||
if ($pref['user_reg_veri'])
|
||||
{ // Verification required (may be by email or by admin)
|
||||
|
||||
@@ -778,19 +800,19 @@ global $db_debug;
|
||||
$e_event->trigger("usersup", $_POST); // send everything in the template, including extended fields.
|
||||
|
||||
require_once(HEADERF);
|
||||
if($pref['signup_text_after'])
|
||||
if (isset($pref['signup_text_after']) && (strlen($pref['signup_text_after']) > 2))
|
||||
{
|
||||
$text = $tp->toHTML($pref['signup_text_after'], TRUE, 'parse_sc,defs')."<br />";
|
||||
$text = $tp->toHTML(str_replace('{NEWLOGINNAME}', $loginname, $pref['signup_text_after']), TRUE, 'parse_sc,defs')."<br />";
|
||||
}
|
||||
else
|
||||
{
|
||||
if ($pref['user_reg_veri'] == 2)
|
||||
{
|
||||
$text = LAN_SIGNUP_37;
|
||||
$text = LAN_SIGNUP_37.'<br /><br />'.$adviseLoginName;
|
||||
}
|
||||
else
|
||||
{
|
||||
$text = LAN_405;
|
||||
$text = LAN_405.'<br /><br />'.$adviseLoginName;
|
||||
}
|
||||
}
|
||||
if(isset($error_message))
|
||||
@@ -806,7 +828,7 @@ global $db_debug;
|
||||
require_once(HEADERF);
|
||||
|
||||
if(!$sql -> db_Select("user", "user_id", "user_name='{$username}' AND user_password='".$new_data['user_password']."'"))
|
||||
{
|
||||
{ // Error looking up newly created user
|
||||
$ns->tablerender("", LAN_SIGNUP_36);
|
||||
require_once(FOOTERF);
|
||||
exit;
|
||||
@@ -818,7 +840,7 @@ global $db_debug;
|
||||
if (isset($_POST['class'])) $init_classes = array_unique(array_merge($init_classes, $_POST['class']));
|
||||
|
||||
// Set member as registered, update classes
|
||||
$sql->db_Update("user", "user_ban = '0', user_class='".$tp -> toDB(implode(',',$init_classes))."' WHERE user_id = '{$nid}'");
|
||||
$sql->db_Update("user", "user_ban = '".USER_VALIDATED."', user_class='".$tp -> toDB(implode(',',$init_classes))."' WHERE user_id = '{$nid}'");
|
||||
|
||||
|
||||
// ======== save extended fields to DB table.
|
||||
@@ -828,14 +850,13 @@ global $db_debug;
|
||||
$sql->db_Update("user_extended", $ue_fields." WHERE user_extended_id = '{$nid}'");
|
||||
}
|
||||
|
||||
// ==========================================================
|
||||
$_POST['ip'] = $ip;
|
||||
$_POST['user_id'] = $nid;
|
||||
$_POST['user_id'] = $nid; // ID for the user
|
||||
$e_event->trigger("usersup", $_POST); // send everything in the template, including extended fields.
|
||||
|
||||
if($pref['signup_text_after'])
|
||||
if (isset($pref['signup_text_after']) && (strlen($pref['signup_text_after']) > 2))
|
||||
{
|
||||
$text = $tp->toHTML($pref['signup_text_after'], TRUE, 'parse_sc,defs')."<br />";
|
||||
$text = $tp->toHTML(str_replace('{NEWLOGINNAME}', $loginname, $pref['signup_text_after']), TRUE, 'parse_sc,defs')."<br />";
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -846,8 +867,9 @@ global $db_debug;
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Disable the signup form - if either there was an error, or starting from scratch
|
||||
require_once(HEADERF);
|
||||
|
||||
$qs = ($error ? "stage" : e_QUERY);
|
||||
@@ -898,13 +920,14 @@ $ns->tablerender(LAN_123, $text);
|
||||
|
||||
require_once(FOOTERF);
|
||||
|
||||
//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------//
|
||||
|
||||
//----------------------------------
|
||||
// Function returns an image if a fild is required.
|
||||
function req($field)
|
||||
{
|
||||
return ($field == 2 ? REQUIRED_FIELD_MARKER : "");
|
||||
}
|
||||
//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------//
|
||||
//----------------------------------
|
||||
|
||||
function headerjs()
|
||||
{
|
||||
|
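Review bot: The email-login hash is salted with `$new_data['user_email']`, but `$new_data` as built just above has no `user_email` key, so `HashPassword()` receives no usable salt and the stored `email_password` will not match a hash computed from the real address. The address appears to be held in `$signup_data` (its remaining keys are outside the hunk), so the call should probably read `$user_info->HashPassword($_POST['password1'], $signup_data['user_email'])`, or use whichever variable feeds the `user_email` column. In the banned-address lookup the commit swaps `'1'` for `USER_BANNED` but leaves `user_email='".$_POST['email']."'` interpolated without `$tp->toDB()`. Unless the value is cleaned earlier in code not shown, request data reaches the query unescaped. The activation key `md5(uniqid(rand(), 1))` is also derived from guessable inputs.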
243
usersettings.php
243
usersettings.php
@@ -11,8 +11,8 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/usersettings.php,v $
|
||||
| $Revision: 1.24 $
|
||||
| $Date: 2008-03-17 20:45:29 $
|
||||
| $Revision: 1.25 $
|
||||
| $Date: 2008-06-13 20:20:20 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
|
||||
@@ -27,7 +27,9 @@ Admin log events:
|
||||
require_once("class2.php");
|
||||
require_once(e_HANDLER."ren_help.php");
|
||||
require_once(e_HANDLER."user_extended_class.php");
|
||||
require_once(e_HANDLER."user_handler.php");
|
||||
$ue = new e107_user_extended;
|
||||
$user_info = new UserHandler;
|
||||
|
||||
//define("US_DEBUG",TRUE);
|
||||
define("US_DEBUG",FALSE);
|
||||
@@ -64,6 +66,8 @@ $sesschange = ''; // Notice removal
|
||||
$photo_to_delete = '';
|
||||
$avatar_to_delete = '';
|
||||
$changed_user_data = array();
|
||||
$ue_fields = '';
|
||||
$promptPassword = FALSE;
|
||||
|
||||
require_once(HEADERF);
|
||||
|
||||
@@ -92,20 +96,9 @@ function addCommonClasses($udata)
|
||||
//-----------------------------------
|
||||
$error = "";
|
||||
|
||||
if (isset($_POST['updatesettings']))
|
||||
if (isset($_POST['updatesettings']) || isset($_POST['SaveValidatedInfo']))
|
||||
{
|
||||
if(!varsettrue($pref['auth_method']) || $pref['auth_method'] == '>e107')
|
||||
{
|
||||
$pref['auth_method'] = 'e107';
|
||||
}
|
||||
|
||||
if($pref['auth_method'] != 'e107')
|
||||
{
|
||||
$_POST['password1'] = '';
|
||||
$_POST['password2'] = '';
|
||||
}
|
||||
|
||||
|
||||
// Get the required user info
|
||||
if ($_uid && ADMIN)
|
||||
{ // Admin logged in and editing another user's settings - so editing a different ID
|
||||
$inp = $_uid;
|
||||
@@ -120,14 +113,23 @@ if (isset($_POST['updatesettings']))
|
||||
$udata = get_user_data($inp); // Get all the existing user data, including any extended fields
|
||||
$udata['user_classlist'] = addCommonClasses($udata);
|
||||
|
||||
$peer = ($inp == USERID ? false : true);
|
||||
/*
|
||||
echo "<pre>";
|
||||
var_dump($udata);
|
||||
echo "</pre>";
|
||||
*/
|
||||
$peer = ($inp == USERID ? false : true); // FALSE if editing own data
|
||||
}
|
||||
|
||||
|
||||
if (isset($_POST['updatesettings']))
|
||||
{
|
||||
if(!varsettrue($pref['auth_method']) || $pref['auth_method'] == '>e107')
|
||||
{
|
||||
$pref['auth_method'] = 'e107';
|
||||
}
|
||||
|
||||
if($pref['auth_method'] != 'e107')
|
||||
{
|
||||
$_POST['password1'] = '';
|
||||
$_POST['password2'] = '';
|
||||
}
|
||||
|
||||
// Check external avatar
|
||||
if ($_POST['image'])
|
||||
{
|
||||
@@ -266,6 +268,7 @@ if (isset($_POST['updatesettings']))
|
||||
|
||||
|
||||
// Password checks
|
||||
$new_pass = '';
|
||||
if ($_POST['password1'] != $_POST['password2'])
|
||||
{
|
||||
$error .= LAN_105."\\n";
|
||||
@@ -278,7 +281,7 @@ if (isset($_POST['updatesettings']))
|
||||
{
|
||||
$error .= LAN_SIGNUP_4.$pref['signup_pass_len'].LAN_SIGNUP_5."\\n";
|
||||
}
|
||||
$changed_user_data['user_password'] = md5(trim($_POST['password1']));
|
||||
$new_pass = $_POST['password1']; // Don't hash it yet
|
||||
}
|
||||
}
|
||||
|
||||
@@ -301,7 +304,7 @@ if (isset($_POST['updatesettings']))
|
||||
|
||||
|
||||
// Uploaded avatar and/or photo
|
||||
if (isset($_FILES['file_userfile']['error']))
|
||||
if ($file_userfile['error'] != 4)
|
||||
{
|
||||
require_once(e_HANDLER."upload_handler.php");
|
||||
require_once(e_HANDLER."resize_handler.php");
|
||||
@@ -374,37 +377,31 @@ if (isset($_POST['updatesettings']))
|
||||
}
|
||||
}
|
||||
|
||||
$ue_fields = "";
|
||||
foreach($_POST['ue'] as $key => $val)
|
||||
{
|
||||
$err = false;
|
||||
$parms = explode("^,^", $extList[$key]['user_extended_struct_parms']);
|
||||
$regex = $tp->toText($parms[1]);
|
||||
$regexfail = $tp->toText($parms[2]);
|
||||
if(defined($regexfail)) {$regexfail = constant($regexfail);}
|
||||
if($val == '' && $extList[$key]['user_extended_struct_required'] == 1 && !$_uid)
|
||||
{
|
||||
$error .= LAN_SIGNUP_6.($tp->toHtml($extList[$key]['user_extended_struct_text'],FALSE,"defs"))." ".LAN_SIGNUP_7."\\n";
|
||||
$err = TRUE;
|
||||
$err = $ue->user_extended_validate_entry($val,$extList[$key]);
|
||||
if($err === TRUE && !$_uid)
|
||||
{ // General error - usually empty field; could be unacceptable value, or regex fail and no error message defined
|
||||
$error .= LAN_SIGNUP_6.($tp->toHtml($extList[$key]['user_extended_struct_text'],FALSE,"defs"))." ".LAN_SIGNUP_7."\\n";
|
||||
}
|
||||
if($regex != "" && $val != "")
|
||||
{
|
||||
if(!preg_match($regex, $val))
|
||||
{
|
||||
$error .= $regexfail."\\n";
|
||||
$err = TRUE;
|
||||
}
|
||||
elseif ($err)
|
||||
{ // Specific error message returned - usually regex fail
|
||||
$error .= $err."\\n";
|
||||
$err = TRUE;
|
||||
}
|
||||
if(!$err)
|
||||
{
|
||||
$val = $tp->toDB($val);
|
||||
$ue_fields .= ($ue_fields) ? ", " : "";
|
||||
$ue_fields .= $key."='".$val."'";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
unset($_POST['password1']); // Always clear the password fields - value noted if required
|
||||
unset($_POST['password2']);
|
||||
|
||||
|
||||
// All key fields validated here
|
||||
// -----------------------------
|
||||
@@ -412,10 +409,6 @@ if (isset($_POST['updatesettings']))
|
||||
// $inp - UID of user whose data is being changed (may not be the currently logged in user)
|
||||
if (!$error)
|
||||
{
|
||||
unset($_POST['password1']);
|
||||
unset($_POST['password2']);
|
||||
|
||||
|
||||
$_POST['user_id'] = intval($inp);
|
||||
|
||||
|
||||
@@ -423,9 +416,7 @@ if (isset($_POST['updatesettings']))
|
||||
|
||||
if ($ret == '')
|
||||
{
|
||||
// Either delete this block, or delete user_customtitle from the later loop for non-vetted fields
|
||||
$new_customtitle = "";
|
||||
if(isset($_POST['customtitle']) && ($pref['signup_option_customtitle'] || ADMIN))
|
||||
if(isset($_POST['customtitle']) && ($pref['signup_option_customtitle']))
|
||||
{
|
||||
$new_customtitle = $tp->toDB($_POST['customtitle']);
|
||||
if ($new_customtitle != $udata['user_customtitle']) $changed_user_data['user_customtitle'] = $new_customtitle;
|
||||
@@ -511,8 +502,88 @@ if (isset($_POST['updatesettings']))
|
||||
{
|
||||
unset($changed_user_data['user_loginname']);
|
||||
}
|
||||
}
|
||||
else
|
||||
{ // Invalid data - from hooked in trigger event
|
||||
$message = "<div style='text-align:center'>".$ret."</div>";
|
||||
$caption = LAN_151;
|
||||
}
|
||||
}
|
||||
} // End - update setttings
|
||||
elseif (isset($_POST['SaveValidatedInfo']))
|
||||
{ // Next bit only valid if user editing their own data
|
||||
if (!$peer && !empty($_POST['updated_data']) && !empty($_POST['currentpassword']) && !empty($_POST['updated_key']))
|
||||
{ // Got some data confirmed with password entry
|
||||
$new_data = base64_decode($_POST['updated_data']);
|
||||
if (md5($new_data) != $_POST['updated_key'])
|
||||
{ // Should only happen if someone's fooling around
|
||||
echo "Mismatch on validation key<br />";
|
||||
exit;
|
||||
}
|
||||
|
||||
if (isset($_POST['updated_extended']))
|
||||
{
|
||||
$new_extended = base64_decode($_POST['updated_extended']);
|
||||
if (md5($new_extended) != $_POST['extended_key'])
|
||||
{ // Should only happen if someone's fooling around
|
||||
echo "Mismatch on validity key<br />";
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
if ($user_info->CheckPassword($_POST['currentpassword'],$udata['user_loginname'], $udata['user_password']) === FALSE) // Use old data to validate
|
||||
{ // Invalid password
|
||||
echo "<br />".LAN_USET_22."<br />";
|
||||
require_once(FOOTERF);
|
||||
exit;
|
||||
}
|
||||
$changed_user_data = unserialize($new_data);
|
||||
$new_pass = $_POST['currentpassword'];
|
||||
if (!empty($new_extended)) $ue_fields = unserialize($new_extended);
|
||||
unset($new_data);
|
||||
unset($new_extended);
|
||||
}
|
||||
}
|
||||
unset($_POST['updatesettings']);
|
||||
unset($_POST['SaveValidatedInfo']);
|
||||
|
||||
|
||||
// At this point we know the error status.
|
||||
// $changed_user_data has an array of core changed data, except password, which is in $new_pass if changed (or entered as confirmation).
|
||||
if (!$error && (count($changed_user_data) || $new_pass))
|
||||
{
|
||||
// Sort out password hashes
|
||||
if ($new_pass)
|
||||
{
|
||||
if (empty($loginname)) $loginname = $udata['user_loginname'];
|
||||
$email = $changed_user_data['user_email'] ? $changed_user_data['user_email'] : $udata['user_email'];
|
||||
$changed_user_data['user_password'] = $sql->escape($user_info->HashPassword($new_pass, $loginname), FALSE);
|
||||
if (varsettrue($pref['allowEmailLogin']))
|
||||
{
|
||||
$user_prefs = unserialize($udata['user_prefs']);
|
||||
$user_prefs['email_password'] = $user_info->HashPassword($new_pass, $email);
|
||||
$changed_user_data['user_prefs'] = serialize($user_prefs);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if ((isset($changed_user_data['user_loginname']) && $user_info->isPasswordRequired('user_loginname'))
|
||||
|| (isset($changed_user_data['user_email']) && $user_info->isPasswordRequired('user_email')))
|
||||
{
|
||||
if ($_uid)
|
||||
{ // Admin is changing it
|
||||
$error = LAN_USET_20;
|
||||
}
|
||||
else
|
||||
{ // User is changing their own info
|
||||
$promptPassword = TRUE;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ((!$error && !$promptPassword) && (count($changed_user_data) || $ue_fields))
|
||||
{
|
||||
// We can update the basic user record now - can just update fields from $changed_user_data
|
||||
if (US_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Usersettings test","Changed data:<br> ".var_export($changed_user_data,TRUE),FALSE,LOG_TO_ROLLING);
|
||||
$sql->db_UpdateArray("user",$changed_user_data," WHERE user_id='".intval($inp)."' ");
|
||||
@@ -551,7 +622,7 @@ if (isset($_POST['updatesettings']))
|
||||
if (isset($changed_user_data['user_password']))
|
||||
{
|
||||
if (isset($user_logging_opts[USER_AUDIT_NEW_PW]))
|
||||
{ // Password has already been changed to an md5(), so OK to leave the data
|
||||
{ // Password has already been changed to a hashed value, so OK to leave the data
|
||||
$do_log['user_password'] = $changed_user_data['user_password'];
|
||||
$log_action = USER_AUDIT_NEW_PW;
|
||||
}
|
||||
@@ -636,23 +707,24 @@ if (isset($_POST['updatesettings']))
|
||||
}
|
||||
$message = "<div style='text-align:center'>".LAN_150."</div>";
|
||||
$caption = LAN_151;
|
||||
}
|
||||
else
|
||||
{ // Invalid data
|
||||
$message = "<div style='text-align:center'>".$ret."</div>";
|
||||
$caption = LAN_151;
|
||||
}
|
||||
unset($_POST);
|
||||
}
|
||||
}
|
||||
} // End - if (!$error)...
|
||||
|
||||
|
||||
if (!$error && !$promptPassword) unset($_POST);
|
||||
|
||||
|
||||
|
||||
|
||||
if ($error)
|
||||
{
|
||||
require_once(e_HANDLER."message_handler.php");
|
||||
message_handler("P_ALERT", $error);
|
||||
$adref = $_POST['adminreturn'];
|
||||
require_once(e_HANDLER."message_handler.php");
|
||||
message_handler("P_ALERT", $error);
|
||||
$adref = $_POST['adminreturn'];
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
// --- User data has been updated here if appropriate ---
|
||||
|
||||
if(isset($message))
|
||||
@@ -661,12 +733,55 @@ if(isset($message))
|
||||
}
|
||||
|
||||
|
||||
//-----------------------------------------------------
|
||||
// Re-read the user data into curVal (ready for display)
|
||||
//-----------------------------------------------------
|
||||
|
||||
|
||||
$uuid = ($_uid) ? $_uid : USERID; // If $_uid is set, its an admin changing another user's data
|
||||
|
||||
|
||||
|
||||
if ($promptPassword)
|
||||
{ // User has to enter password to validate data
|
||||
$updated_data = serialize($changed_user_data);
|
||||
$validation_key = md5($updated_data);
|
||||
$updated_data = base64_encode($updated_data);
|
||||
$updated_extended = serialize($ue_fields);
|
||||
$extended_key = md5($updated_extended);
|
||||
$updated_extended = base64_encode($updated_extended);
|
||||
$text = "<form method='post' action='".e_SELF.(e_QUERY ? "?".e_QUERY : '')."'>
|
||||
<table><tr><td style='text-align:center'>";
|
||||
foreach ($_POST as $k => $v)
|
||||
{
|
||||
if (is_array($v))
|
||||
{
|
||||
foreach ($v as $sk => $sv)
|
||||
{
|
||||
$text .= "<input type='hidden' name='{$k}[{$sk}]' value='{$sv}' />\n";
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$text .= "<input type='hidden' name='{$k}' value='{$v}' />\n";
|
||||
}
|
||||
}
|
||||
$text .= LAN_USET_21."</td></tr><tr><td> </td></tr>
|
||||
<tr><td style='text-align:center'><input type='password' name='currentpassword' value='' size='30' />";
|
||||
$text .= "<input type='hidden' name='updated_data' value='{$updated_data}' /><input type='hidden' name='updated_key' value='{$validation_key}' />
|
||||
<input type='hidden' name='updated_extended' value='{$updated_extended}' /><input type='hidden' name='extended_key' value='{$extended_key}' />
|
||||
</td></tr>
|
||||
<tr><td> </td></tr>
|
||||
<tr><td style='text-align:center'><input type='submit' name='SaveValidatedInfo' value='".LAN_ENTER."' /></td></tr>
|
||||
</table>
|
||||
</form>";
|
||||
$ns->tablerender(LAN_155, $text);
|
||||
require_once(FOOTERF);
|
||||
}
|
||||
|
||||
|
||||
|
||||
//--------------------------------------------------------
|
||||
// Re-read the user data into curVal (ready for display)
|
||||
//--------------------------------------------------------
|
||||
|
||||
$qry = "
|
||||
SELECT u.*, ue.* FROM #user AS u
|
||||
LEFT JOIN #user_extended AS ue ON ue.user_extended_id = u.user_id
|
||||
|