Zeile 1 | Zeile 1 |
---|
<?php
|
<?php
|
| /** * MyBB 1.6 * Copyright 2010 MyBB Group, All Rights Reserved * * Website: http://mybb.com * License: http://mybb.com/about/license * * $Id$ */
|
/** * Checks if a user with uid $uid exists in the database.
| /** * Checks if a user with uid $uid exists in the database.
|
Zeile 11 | Zeile 20 |
---|
global $db; $query = $db->simple_select("users", "COUNT(*) as user", "uid='".intval($uid)."'", array('limit' => 1));
|
global $db; $query = $db->simple_select("users", "COUNT(*) as user", "uid='".intval($uid)."'", array('limit' => 1));
|
if($db->fetch_field($query, 'user') == 1) { return true; }
| if($db->fetch_field($query, 'user') == 1) { return true; }
|
else { return false;
| else { return false;
|
Zeile 30 | Zeile 39 |
---|
function username_exists($username) { global $db;
|
function username_exists($username) { global $db;
|
$query = $db->simple_select("users", "COUNT(*) as user", "username='".$db->escape_string($username)."'", array('limit' => 1));
| $username = $db->escape_string(my_strtolower($username)); $query = $db->simple_select("users", "COUNT(*) as user", "LOWER(username)='".$username."' OR LOWER(email)='".$username."'", array('limit' => 1));
|
if($db->fetch_field($query, 'user') == 1) { return true;
| if($db->fetch_field($query, 'user') == 1) { return true;
|
Zeile 50 | Zeile 62 |
---|
*/ function validate_password_from_username($username, $password) {
|
*/ function validate_password_from_username($username, $password) {
|
global $db; $query = $db->simple_select("users", "uid,username,password,salt,loginkey,coppauser,usergroup", "username='".$db->escape_string($username)."'", array('limit' => 1));
| global $db, $mybb;
$username = $db->escape_string(my_strtolower($username)); switch($mybb->settings['username_method']) { case 0: $query = $db->simple_select("users", "uid,username,password,salt,loginkey,coppauser,usergroup", "LOWER(username)='".$username."'", array('limit' => 1)); break; case 1: $query = $db->simple_select("users", "uid,username,password,salt,loginkey,coppauser,usergroup", "LOWER(email)='".$username."'", array('limit' => 1)); break; case 2: $query = $db->simple_select("users", "uid,username,password,salt,loginkey,coppauser,usergroup", "LOWER(username)='".$username."' OR LOWER(email)='".$username."'", array('limit' => 1)); break; default: $query = $db->simple_select("users", "uid,username,password,salt,loginkey,coppauser,usergroup", "LOWER(username)='".$username."'", array('limit' => 1)); break; }
|
$user = $db->fetch_array($query); if(!$user['uid']) {
| $user = $db->fetch_array($query); if(!$user['uid']) {
|
Zeile 61 | Zeile 89 |
---|
else { return validate_password_from_uid($user['uid'], $password, $user);
|
else { return validate_password_from_uid($user['uid'], $password, $user);
|
} }
/**
| } }
/**
|
* Checks a password with a supplied uid. * * @param int The user id.
| * Checks a password with a supplied uid. * * @param int The user id.
|
Zeile 75 | Zeile 103 |
---|
function validate_password_from_uid($uid, $password, $user = array()) { global $db, $mybb;
|
function validate_password_from_uid($uid, $password, $user = array()) { global $db, $mybb;
|
if($mybb->user['uid'] == $uid) {
| if(isset($mybb->user['uid']) && $mybb->user['uid'] == $uid) {
|
$user = $mybb->user; } if(!$user['password'])
|
$user = $mybb->user; } if(!$user['password'])
|
{ $query = $db->simple_select("users", "uid,username,password,salt,loginkey,usergroup", "uid='".intval($uid)."'", array('limit' => 1));
| { $query = $db->simple_select("users", "uid,username,password,salt,loginkey,usergroup", "uid='".intval($uid)."'");
|
$user = $db->fetch_array($query); } if(!$user['salt'])
| $user = $db->fetch_array($query); } if(!$user['salt'])
|
Zeile 89 | Zeile 117 |
---|
// Generate a salt for this user and assume the password stored in db is a plain md5 password $user['salt'] = generate_salt(); $user['password'] = salt_password($user['password'], $user['salt']);
|
// Generate a salt for this user and assume the password stored in db is a plain md5 password $user['salt'] = generate_salt(); $user['password'] = salt_password($user['password'], $user['salt']);
|
$sql_array = array(
| $sql_array = array(
|
"salt" => $user['salt'], "password" => $user['password'] );
|
"salt" => $user['salt'], "password" => $user['password'] );
|
$db->update_query("users", $sql_array, "uid='".$user['uid']."'", 1);
| $db->update_query("users", $sql_array, "uid='".$user['uid']."'");
|
}
if(!$user['loginkey'])
| }
if(!$user['loginkey'])
|
Zeile 102 | Zeile 130 |
---|
$sql_array = array( "loginkey" => $user['loginkey'] );
|
$sql_array = array( "loginkey" => $user['loginkey'] );
|
$db->update_query("users", $sql_array, "uid = ".$user['uid'], 1);
| $db->update_query("users", $sql_array, "uid = ".$user['uid']);
|
} if(salt_password(md5($password), $user['salt']) == $user['password']) { return $user;
|
} if(salt_password(md5($password), $user['salt']) == $user['password']) { return $user;
|
}
| }
|
else { return false;
| else { return false;
|
Zeile 130 | Zeile 158 |
---|
// If no salt was specified, check in database first, if still doesn't exist, create one if(!$salt)
|
// If no salt was specified, check in database first, if still doesn't exist, create one if(!$salt)
|
{ $query = $db->simple_select("users", "salt", "uid='$uid'", array('limit' => 1));
| { $query = $db->simple_select("users", "salt", "uid='$uid'");
|
$user = $db->fetch_array($query); if($user['salt']) {
| $user = $db->fetch_array($query); if($user['salt']) {
|
Zeile 146 | Zeile 174 |
---|
// Create new password based on salt $saltedpw = salt_password($password, $salt);
|
// Create new password based on salt $saltedpw = salt_password($password, $salt);
|
|
|
// Generate new login key $loginkey = generate_loginkey();
// Update password and login key in database $newpassword['password'] = $saltedpw; $newpassword['loginkey'] = $loginkey;
|
// Generate new login key $loginkey = generate_loginkey();
// Update password and login key in database $newpassword['password'] = $saltedpw; $newpassword['loginkey'] = $loginkey;
|
$db->update_query("users", $newpassword, "uid='$uid'", 1);
| $db->update_query("users", $newpassword, "uid='$uid'");
|
$plugins->run_hooks("password_changed");
| $plugins->run_hooks("password_changed");
|
Zeile 162 | Zeile 190 |
---|
/** * Salts a password based on a supplied salt.
|
/** * Salts a password based on a supplied salt.
|
*
| *
|
* @param string The md5()'ed password. * @param string The salt. * @return string The password hash.
| * @param string The md5()'ed password. * @param string The salt. * @return string The password hash.
|
Zeile 170 | Zeile 198 |
---|
function salt_password($password, $salt) { return md5(md5($salt).$password);
|
function salt_password($password, $salt) { return md5(md5($salt).$password);
|
}
| }
|
/** * Generates a random salt
| /** * Generates a random salt
|
Zeile 178 | Zeile 206 |
---|
* @return string The salt. */ function generate_salt()
|
* @return string The salt. */ function generate_salt()
|
{
| {
|
return random_str(8); }
| return random_str(8); }
|
Zeile 194 | Zeile 222 |
---|
/** * Updates a user's salt in the database (does not update a password).
|
/** * Updates a user's salt in the database (does not update a password).
|
* * @param int The uid of the user to update.
| * * @param int The uid of the user to update.
|
* @return string The new salt. */ function update_salt($uid)
| * @return string The new salt. */ function update_salt($uid)
|
Zeile 206 | Zeile 234 |
---|
$sql_array = array( "salt" => $salt );
|
$sql_array = array( "salt" => $salt );
|
$db->update_query("users", $sql_array, "uid='{$uid}'", 1);
| $db->update_query("users", $sql_array, "uid='{$uid}'");
|
return $salt; }
| return $salt; }
|
Zeile 225 | Zeile 253 |
---|
$sql_array = array( "loginkey" => $loginkey );
|
$sql_array = array( "loginkey" => $loginkey );
|
$db->update_query("users", $sql_array, "uid='{$uid}'", 1);
| $db->update_query("users", $sql_array, "uid='{$uid}'");
|
return $loginkey;
| return $loginkey;
|
Zeile 254 | Zeile 282 |
---|
return; }
|
return; }
|
$query = $db->simple_select("threadsubscriptions", "*", "tid='".intval($tid)."' AND uid='".intval($uid)."'", array('limit' => 1));
| $query = $db->simple_select("threadsubscriptions", "*", "tid='".intval($tid)."' AND uid='".intval($uid)."'");
|
$subscription = $db->fetch_array($query); if(!$subscription['tid']) {
| $subscription = $db->fetch_array($query); if(!$subscription['tid']) {
|
Zeile 314 | Zeile 342 |
---|
* @return boolean True when success, false when otherwise. */ function add_subscribed_forum($fid, $uid="")
|
* @return boolean True when success, false when otherwise. */ function add_subscribed_forum($fid, $uid="")
|
{ global $mybb, $db; if(!$uid) { $uid = $mybb->user['uid']; } if(!$uid) { return; }
| { global $mybb, $db; if(!$uid) { $uid = $mybb->user['uid']; } if(!$uid) { return; }
|
$fid = intval($fid); $uid = intval($uid); $query = $db->simple_select("forumsubscriptions", "*", "fid='".$fid."' AND uid='{$uid}'", array('limit' => 1)); $fsubscription = $db->fetch_array($query); if(!$fsubscription['fid'])
|
$fid = intval($fid); $uid = intval($uid); $query = $db->simple_select("forumsubscriptions", "*", "fid='".$fid."' AND uid='{$uid}'", array('limit' => 1)); $fsubscription = $db->fetch_array($query); if(!$fsubscription['fid'])
|
{
| {
|
$insert_array = array( 'fid' => $fid, 'uid' => $uid ); $db->insert_query("forumsubscriptions", $insert_array);
|
$insert_array = array( 'fid' => $fid, 'uid' => $uid ); $db->insert_query("forumsubscriptions", $insert_array);
|
} return true;
| } return true;
|
}
/**
| }
/**
|
Zeile 355 | Zeile 383 |
---|
function remove_subscribed_forum($fid, $uid="") { global $mybb, $db;
|
function remove_subscribed_forum($fid, $uid="") { global $mybb, $db;
|
if(!$uid) {
| if(!$uid) {
|
$uid = $mybb->user['uid']; }
| $uid = $mybb->user['uid']; }
|
Zeile 388 | Zeile 416 |
---|
$plugins->add_hook("usercp_menu", "usercp_menu_profile", 20); $plugins->add_hook("usercp_menu", "usercp_menu_misc", 30);
|
$plugins->add_hook("usercp_menu", "usercp_menu_profile", 20); $plugins->add_hook("usercp_menu", "usercp_menu_misc", 30);
|
|
|
// Run the plugin hooks $plugins->run_hooks("usercp_menu"); global $usercpmenu;
|
// Run the plugin hooks $plugins->run_hooks("usercp_menu"); global $usercpmenu;
|
|
|
eval("\$usercpnav = \"".$templates->get("usercp_nav")."\";");
$plugins->run_hooks("usercp_menu_built");
|
eval("\$usercpnav = \"".$templates->get("usercp_nav")."\";");
$plugins->run_hooks("usercp_menu_built");
|
}
| }
|
/** * Constructs the usercp messenger menu. * */ function usercp_menu_messenger()
|
/** * Constructs the usercp messenger menu. * */ function usercp_menu_messenger()
|
{ global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapsed, $collapsedimg;
| { global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapsed, $collapsedimg;
$usercp_nav_messenger = $templates->get("usercp_nav_messenger"); // Hide tracking link if no permission $tracking = ''; if($mybb->usergroup['cantrackpms']) { $tracking = $templates->get("usercp_nav_messenger_tracking"); } eval("\$ucp_nav_tracking = \"". $tracking ."\";");
|
|
|
| $folderlinks = '';
|
$foldersexploded = explode("$%%$", $mybb->user['pmfolders']); foreach($foldersexploded as $key => $folders) { $folderinfo = explode("**", $folders, 2); $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]); if($folderinfo[0] == 4)
|
$foldersexploded = explode("$%%$", $mybb->user['pmfolders']); foreach($foldersexploded as $key => $folders) { $folderinfo = explode("**", $folders, 2); $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]); if($folderinfo[0] == 4)
|
{
| {
|
$class = "usercp_nav_trash_pmfolder";
|
$class = "usercp_nav_trash_pmfolder";
|
}
| }
|
else if($folderlinks) { $class = "usercp_nav_sub_pmfolder"; } else
|
else if($folderlinks) { $class = "usercp_nav_sub_pmfolder"; } else
|
{
| {
|
$class = "usercp_nav_pmfolder"; }
|
$class = "usercp_nav_pmfolder"; }
|
|
|
$folderlinks .= "<div><a href=\"private.php?fid=$folderinfo[0]\" class=\"usercp_nav_item {$class}\">$folderinfo[1]</a></div>\n"; }
|
$folderlinks .= "<div><a href=\"private.php?fid=$folderinfo[0]\" class=\"usercp_nav_item {$class}\">$folderinfo[1]</a></div>\n"; }
|
eval("\$usercpmenu .= \"".$templates->get("usercp_nav_messenger")."\";"); }
| eval("\$usercpmenu .= \"".$usercp_nav_messenger."\";"); }
|
/** * Constructs the usercp profile menu. *
| /** * Constructs the usercp profile menu. *
|
Zeile 437 | Zeile 475 |
---|
function usercp_menu_profile() { global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapsed, $collapsedimg;
|
function usercp_menu_profile() { global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapsed, $collapsedimg;
|
|
|
if($mybb->usergroup['canchangename'] != 0)
|
if($mybb->usergroup['canchangename'] != 0)
|
{
| {
|
eval("\$changenameop = \"".$templates->get("usercp_nav_changename")."\";");
|
eval("\$changenameop = \"".$templates->get("usercp_nav_changename")."\";");
|
}
| }
|
|
|
if($mybb->user['suspendsignature'] == 0 || ($mybb->user['suspendsignature'] == 1 && $mybb->user['suspendsigtime'] < TIME_NOW))
| if($mybb->usergroup['canusesig'] == 1 && ($mybb->usergroup['canusesigxposts'] == 0 || $mybb->usergroup['canusesigxposts'] > 0 && $mybb->user['postnum'] > $mybb->usergroup['canusesigxposts']))
|
{
|
{
|
eval("\$changesigop = \"".$templates->get("usercp_nav_editsignature")."\";");
| if($mybb->user['suspendsignature'] == 0 || $mybb->user['suspendsignature'] == 1 && $mybb->user['suspendsigtime'] > 0 && $mybb->user['suspendsigtime'] < TIME_NOW) { eval("\$changesigop = \"".$templates->get("usercp_nav_editsignature")."\";"); }
|
}
|
}
|
|
|
eval("\$usercpmenu .= \"".$templates->get("usercp_nav_profile")."\";"); }
/** * Constructs the usercp misc menu.
|
eval("\$usercpmenu .= \"".$templates->get("usercp_nav_profile")."\";"); }
/** * Constructs the usercp misc menu.
|
* */
| * */
|
function usercp_menu_misc() { global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapsed, $collapsedimg;
|
function usercp_menu_misc() { global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapsed, $collapsedimg;
|
| $draftstart = $draftend = $draftcount = '';
$query = $db->simple_select("posts", "COUNT(*) AS draftcount", "visible='-2' AND uid='".$mybb->user['uid']."'"); $count = $db->fetch_array($query);
|
if($count['draftcount'] > 0) { $draftstart = "<strong>"; $draftend = "</strong>";
|
if($count['draftcount'] > 0) { $draftstart = "<strong>"; $draftend = "</strong>";
|
| $draftcount = "(".my_number_format($count['draftcount']).")";
|
}
|
}
|
|
|
$profile_link = get_profile_link($mybb->user['uid']);
|
$profile_link = get_profile_link($mybb->user['uid']);
|
| |
eval("\$usercpmenu .= \"".$templates->get("usercp_nav_misc")."\";"); }
| eval("\$usercpmenu .= \"".$templates->get("usercp_nav_misc")."\";"); }
|
Zeile 476 | Zeile 523 |
---|
* @return string The usertitle of the user. */ function get_usertitle($uid="")
|
* @return string The usertitle of the user. */ function get_usertitle($uid="")
|
{ global $db, $mybb;
| { global $db, $mybb;
|
if($mybb->user['uid'] == $uid) { $user = $mybb->user;
| if($mybb->user['uid'] == $uid) { $user = $mybb->user;
|
Zeile 494 | Zeile 541 |
---|
return $user['usertitle']; } else
|
return $user['usertitle']; } else
|
{
| {
|
$query = $db->simple_select("usertitles", "title", "posts<='".$user['postnum']."'", array('order_by' => 'posts', 'order_dir' => 'desc')); $usertitle = $db->fetch_array($query);
| $query = $db->simple_select("usertitles", "title", "posts<='".$user['postnum']."'", array('order_by' => 'posts', 'order_dir' => 'desc')); $usertitle = $db->fetch_array($query);
|
Zeile 518 | Zeile 565 |
---|
if(intval($uid) == 0) { $uid = $mybb->user['uid'];
|
if(intval($uid) == 0) { $uid = $mybb->user['uid'];
|
| } $uid = intval($uid); $pmcount = array(); if($uid == 0) { return $pmcount;
|
}
// Update total number of messages.
| }
// Update total number of messages.
|
Zeile 536 | Zeile 590 |
---|
$pmcount['unreadpms'] = $unread['pms_unread']; }
|
$pmcount['unreadpms'] = $unread['pms_unread']; }
|
if(is_array($pmcount))
| if(!empty($pmcount))
|
{
|
{
|
$db->update_query("users", $pmcount, "uid='".intval($uid)."'");
| $db->update_query("users", $pmcount, "uid='".$uid."'");
|
} return $pmcount; }
| } return $pmcount; }
|
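Review bot: In `username_exists()` the new `LOWER(username)='…' OR LOWER(email)='…'` condition can match two rows (one account whose username equals the value and another whose e-mail does), yet the result is still tested with `== 1`, so a count of 2 is reported as "does not exist"; `array('limit' => 1)` does not cap a `COUNT(*)`. The test should be `if($db->fetch_field($query, 'user') > 0)`. The same overlap affects case 2 of the `username_method` switch in `validate_password_from_username()`: with `limit 1` and no `order_by`, the database decides which of the two accounts the password is checked against, so the lookup should prefer the username match or reject ambiguous results. `username_exists()` also ignores `$mybb->settings['username_method']` and always searches both columns, which looks inconsistent with the login lookup and is worth confirming as intended. Both function bodies continue outside the visible hunks.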