API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 13th, 2016
224
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 46.42 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /***************************************************************************
  3. * usercp_register.php
  4. * -------------------
  5. * begin : Saturday, Feb 13, 2001
  6. * copyright : (C) 2001 The phpBB Group
  7. * email : support@phpbb.com
  8. *
  9. * $Id: usercp_register.php 6775 2006-12-17 10:51:27Z acydburn $
  10. *
  11. *
  12. ***************************************************************************/
  13.  
  14. /***************************************************************************
  15. *
  16. * This program is free software; you can redistribute it and/or modify
  17. * it under the terms of the GNU General Public License as published by
  18. * the Free Software Foundation; either version 2 of the License, or
  19. * (at your option) any later version.
  20. *
  21. *
  22. ***************************************************************************/
  23.  
  24. /*
  25.  
  26. This code has been modified from its original form by psoTFX @ phpbb.com
  27. Changes introduce the back-ported phpBB 2.2 visual confirmation code.
  28.  
  29. NOTE: Anyone using the modified code contained within this script MUST include
  30. a relevant message such as this in usercp_register.php ... failure to do so
  31. will affect a breach of Section 2a of the GPL and our copyright
  32.  
  33. png visual confirmation system : (c) phpBB Group, 2003 : All Rights Reserved
  34.  
  35. */
  36.  
  37. if ( !defined('IN_PHPBB') )
  38. {
  39. die("Hacking attempt");
  40. exit;
  41. }
  42.  
  43. $unhtml_specialchars_match = array('#&gt;#', '#&lt;#', '#&quot;#', '#&amp;#');
  44. $unhtml_specialchars_replace = array('>', '<', '"', '&');
  45.  
  46. // ---------------------------------------
  47. // Load agreement template since user has not yet
  48. // agreed to registration conditions/coppa
  49. //
  50. function show_coppa()
  51. {
  52. global $userdata, $template, $lang, $phpbb_root_path, $phpEx;
  53.  
  54. $template->set_filenames(array(
  55. 'body' => 'agreement.tpl')
  56. );
  57.  
  58. $template->assign_vars(array(
  59. 'REGISTRATION' => $lang['Registration'],
  60. 'AGREEMENT' => $lang['Reg_agreement'],
  61. "AGREE_OVER_13" => $lang['Agree_over_13'],
  62. "AGREE_UNDER_13" => $lang['Agree_under_13'],
  63. 'DO_NOT_AGREE' => $lang['Agree_not'],
  64.  
  65. "U_AGREE_OVER13" => append_sid("profile.$phpEx?mode=register&amp;agreed=true"),
  66. "U_AGREE_UNDER13" => append_sid("profile.$phpEx?mode=register&amp;agreed=true&amp;coppa=true"))
  67. );
  68.  
  69. $template->pparse('body');
  70.  
  71. }
  72. //
  73. // ---------------------------------------
  74.  
  75. $error = FALSE;
  76. $error_msg = '';
  77. $page_title = ( $mode == 'editprofile' ) ? $lang['Edit_profile'] : $lang['Register'];
  78.  
  79. if ( $mode == 'register' && !isset($HTTP_POST_VARS['agreed']) && !isset($HTTP_GET_VARS['agreed']) )
  80. {
  81. include($phpbb_root_path . 'includes/page_header.'.$phpEx);
  82.  
  83. show_coppa();
  84.  
  85. include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
  86. }
  87.  
  88. $coppa = ( empty($HTTP_POST_VARS['coppa']) && empty($HTTP_GET_VARS['coppa']) ) ? 0 : TRUE;
  89.  
  90. //
  91. // Check and initialize some variables if needed
  92. //
  93. if (
  94. // Modified for XSRF
  95. // isset($HTTP_POST_VARS['submit']) ||
  96. isset($HTTP_POST_VARS['Submit']) ||
  97. isset($HTTP_POST_VARS['avatargallery']) ||
  98. isset($HTTP_POST_VARS['submitavatar']) ||
  99. isset($HTTP_POST_VARS['cancelavatar']) ||
  100. $mode == 'register' )
  101. {
  102. include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
  103. include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
  104. include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
  105.  
  106. if ( $mode == 'editprofile' )
  107. {
  108. $user_id = intval($HTTP_POST_VARS['user_id']);
  109. $current_email = trim(htmlspecialchars($HTTP_POST_VARS['current_email']));
  110. }
  111.  
  112. $strip_var_list = array('email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests', 'confirm_code' => 'confirm_code');
  113.  
  114. // Strip all tags from data ... may p**s some people off, bah, strip_tags is
  115. // doing the job but can still break HTML output ... have no choice, have
  116. // to use htmlspecialchars ... be prepared to be moaned at.
  117. while( list($var, $param) = @each($strip_var_list) )
  118. {
  119. if ( !empty($HTTP_POST_VARS[$param]) )
  120. {
  121. $$var = trim(htmlspecialchars($HTTP_POST_VARS[$param]));
  122. }
  123. }
  124.  
  125. $username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
  126.  
  127. $trim_var_list = array('cur_password' => 'cur_password', 'new_password' => 'new_password', 'password_confirm' => 'password_confirm', 'signature' => 'signature');
  128.  
  129. while( list($var, $param) = @each($trim_var_list) )
  130. {
  131. if ( !empty($HTTP_POST_VARS[$param]) )
  132. {
  133. $$var = trim($HTTP_POST_VARS[$param]);
  134. }
  135. }
  136.  
  137. $signature = (isset($signature)) ? str_replace('<br />', "\n", $signature) : '';
  138. $signature_bbcode_uid = '';
  139.  
  140. // Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to
  141. // empty strings if they fail.
  142. validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature);
  143.  
  144. $viewemail = ( isset($HTTP_POST_VARS['viewemail']) ) ? ( ($HTTP_POST_VARS['viewemail']) ? TRUE : 0 ) : 0;
  145. $allowviewonline = ( isset($HTTP_POST_VARS['hideonline']) ) ? ( ($HTTP_POST_VARS['hideonline']) ? 0 : TRUE ) : TRUE;
  146. $notifyreply = ( isset($HTTP_POST_VARS['notifyreply']) ) ? ( ($HTTP_POST_VARS['notifyreply']) ? TRUE : 0 ) : 0;
  147. $notifypm = ( isset($HTTP_POST_VARS['notifypm']) ) ? ( ($HTTP_POST_VARS['notifypm']) ? TRUE : 0 ) : TRUE;
  148. $popup_pm = ( isset($HTTP_POST_VARS['popup_pm']) ) ? ( ($HTTP_POST_VARS['popup_pm']) ? TRUE : 0 ) : TRUE;
  149.  
  150. // Modified for XSRF
  151. // $sid = (isset($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : 0;
  152. $sid = (isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid'])) ? $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']: 0;
  153.  
  154. if ( $mode == 'register' )
  155. {
  156. $attachsig = ( isset($HTTP_POST_VARS['attachsig']) ) ? ( ($HTTP_POST_VARS['attachsig']) ? TRUE : 0 ) : $board_config['allow_sig'];
  157.  
  158. $allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $board_config['allow_html'];
  159. $allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $board_config['allow_bbcode'];
  160. $allowsmilies = ( isset($HTTP_POST_VARS['allowsmilies']) ) ? ( ($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) : $board_config['allow_smilies'];
  161. }
  162. else
  163. {
  164. $attachsig = ( isset($HTTP_POST_VARS['attachsig']) ) ? ( ($HTTP_POST_VARS['attachsig']) ? TRUE : 0 ) : $userdata['user_attachsig'];
  165.  
  166. $allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $userdata['user_allowhtml'];
  167. $allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $userdata['user_allowbbcode'];
  168. $allowsmilies = ( isset($HTTP_POST_VARS['allowsmilies']) ) ? ( ($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) : $userdata['user_allowsmile'];
  169. }
  170.  
  171. $user_style = ( isset($HTTP_POST_VARS['style']) ) ? intval($HTTP_POST_VARS['style']) : $board_config['default_style'];
  172.  
  173. if ( !empty($HTTP_POST_VARS['language']) )
  174. {
  175. if (TRUE or preg_match('/^[a-z_]+$/i', $HTTP_POST_VARS['language']) )
  176. {
  177. $user_lang = htmlspecialchars($HTTP_POST_VARS['language']);
  178. }
  179. else
  180. {
  181. $error = true;
  182. $error_msg = $lang['Fields_empty'];
  183. }
  184. }
  185. else
  186. {
  187. $user_lang = $board_config['default_lang'];
  188. }
  189.  
  190. $user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone'];
  191.  
  192. $sql = "SELECT config_value
  193. FROM " . CONFIG_TABLE . "
  194. WHERE config_name = 'default_dateformat'";
  195. if ( !($result = $db->sql_query($sql)) )
  196. {
  197. message_die(GENERAL_ERROR, 'Could not select default dateformat', '', __LINE__, __FILE__, $sql);
  198. }
  199. $row = $db->sql_fetchrow($result);
  200. $board_config['default_dateformat'] = $row['config_value'];
  201. $user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['dateformat'])) : $board_config['default_dateformat'];
  202.  
  203. $user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarselect']) : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
  204. $user_avatar_category = ( isset($HTTP_POST_VARS['avatarcatname']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarcatname']) : '' ;
  205.  
  206. $user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['avatarremoteurl'])) : '';
  207. $user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' );
  208. $user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : '';
  209. $user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
  210. $user_avatar_filetype = ( !empty($HTTP_POST_FILES['avatar']['type']) ) ? $HTTP_POST_FILES['avatar']['type'] : '';
  211.  
  212. $user_avatar = ( empty($user_avatar_local) && $mode == 'editprofile' ) ? $userdata['user_avatar'] : '';
  213. $user_avatar_type = ( empty($user_avatar_local) && $mode == 'editprofile' ) ? $userdata['user_avatar_type'] : '';
  214.  
  215. // Modified for XSRF
  216. if ( (isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['cancelavatar'])) && (!isset($HTTP_POST_VARS['Submit'])) )
  217. {
  218. $username = stripslashes($username);
  219. $email = stripslashes($email);
  220. $cur_password = htmlspecialchars(stripslashes($cur_password));
  221. $new_password = htmlspecialchars(stripslashes($new_password));
  222. $password_confirm = htmlspecialchars(stripslashes($password_confirm));
  223.  
  224. $icq = stripslashes($icq);
  225. $aim = stripslashes($aim);
  226. $msn = stripslashes($msn);
  227. $yim = stripslashes($yim);
  228.  
  229. $website = stripslashes($website);
  230. $location = stripslashes($location);
  231. $occupation = stripslashes($occupation);
  232. $interests = stripslashes($interests);
  233. $signature = htmlspecialchars(stripslashes($signature));
  234.  
  235. $user_lang = stripslashes($user_lang);
  236. $user_dateformat = stripslashes($user_dateformat);
  237.  
  238. if ( !isset($HTTP_POST_VARS['cancelavatar']))
  239. {
  240. $user_avatar = $user_avatar_category . '/' . $user_avatar_local;
  241. $user_avatar_type = USER_AVATAR_GALLERY;
  242. }
  243. }
  244. }
  245.  
  246. //
  247. // Let's make sure the user isn't logged in while registering,
  248. // and ensure that they were trying to register a second time
  249. // (Prevents double registrations)
  250. //
  251. if ($mode == 'register' && ($userdata['session_logged_in'] || $username == $userdata['username']))
  252. {
  253. message_die(GENERAL_MESSAGE, $lang['Username_taken'], '', __LINE__, __FILE__);
  254. }
  255.  
  256. //
  257. // Did the user submit? In this case build a query to update the users profile in the DB
  258. //
  259.  
  260. // Modified for XSRF
  261. if ( isset($HTTP_POST_VARS['Submit']) )
  262. {
  263. include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);
  264.  
  265. // session id check
  266. if ($sid == '' || $sid != $userdata['session_id'])
  267. {
  268. $error = true;
  269. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Session_invalid'];
  270. }
  271.  
  272. $passwd_sql = '';
  273. if ( $mode == 'editprofile' )
  274. {
  275. if ( $user_id != $userdata['user_id'] )
  276. {
  277. $error = TRUE;
  278. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Wrong_Profile'];
  279. }
  280. }
  281. else if ( $mode == 'register' )
  282. {
  283. if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) )
  284. {
  285. $error = TRUE;
  286. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty'];
  287. }
  288. }
  289.  
  290. if ($board_config['enable_confirm'] && $mode == 'register')
  291. {
  292. if (empty($HTTP_POST_VARS['confirm_id']))
  293. {
  294. $error = TRUE;
  295. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
  296. }
  297. else
  298. {
  299. $confirm_id = htmlspecialchars($HTTP_POST_VARS['confirm_id']);
  300. if (!preg_match('/^[A-Za-z0-9]+$/', $confirm_id))
  301. {
  302. $confirm_id = '';
  303. }
  304.  
  305. $sql = 'SELECT code
  306. FROM ' . CONFIRM_TABLE . "
  307. WHERE confirm_id = '$confirm_id'
  308. AND session_id = '" . $userdata['session_id'] . "'";
  309. if (!($result = $db->sql_query($sql)))
  310. {
  311. message_die(GENERAL_ERROR, 'Could not obtain confirmation code', '', __LINE__, __FILE__, $sql);
  312. }
  313.  
  314. if ($row = $db->sql_fetchrow($result))
  315. {
  316. if ($row['code'] != $confirm_code)
  317. {
  318. $error = TRUE;
  319. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
  320. }
  321. else
  322. {
  323. $sql = 'DELETE FROM ' . CONFIRM_TABLE . "
  324. WHERE confirm_id = '$confirm_id'
  325. AND session_id = '" . $userdata['session_id'] . "'";
  326. if (!$db->sql_query($sql))
  327. {
  328. message_die(GENERAL_ERROR, 'Could not delete confirmation code', '', __LINE__, __FILE__, $sql);
  329. }
  330. }
  331. }
  332. else
  333. {
  334. $error = TRUE;
  335. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
  336. }
  337. $db->sql_freeresult($result);
  338. }
  339. }
  340.  
  341. $passwd_sql = '';
  342. if ( !empty($new_password) && !empty($password_confirm) )
  343. {
  344. if ( $new_password != $password_confirm )
  345. {
  346. $error = TRUE;
  347. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch'];
  348. }
  349. else if ( strlen($new_password) > 32 )
  350. {
  351. $error = TRUE;
  352. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_long'];
  353. }
  354. else
  355. {
  356. if ( $mode == 'editprofile' )
  357. {
  358. $sql = "SELECT user_password
  359. FROM " . USERS_TABLE . "
  360. WHERE user_id = $user_id";
  361. if ( !($result = $db->sql_query($sql)) )
  362. {
  363. message_die(GENERAL_ERROR, 'Could not obtain user_password information', '', __LINE__, __FILE__, $sql);
  364. }
  365.  
  366. $row = $db->sql_fetchrow($result);
  367.  
  368. if ( $row['user_password'] != md5($cur_password) )
  369. {
  370. $error = TRUE;
  371. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Current_password_mismatch'];
  372. }
  373. }
  374.  
  375. if ( !$error )
  376. {
  377. $new_password = md5($new_password);
  378. $passwd_sql = "user_password = '$new_password', ";
  379. }
  380. }
  381. }
  382. else if ( ( empty($new_password) && !empty($password_confirm) ) || ( !empty($new_password) && empty($password_confirm) ) )
  383. {
  384. $error = TRUE;
  385. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch'];
  386. }
  387.  
  388. //
  389. // Do a ban check on this email address
  390. //
  391. if ( $email != $userdata['user_email'] || $mode == 'register' )
  392. {
  393. $result = validate_email($email);
  394. if ( $result['error'] )
  395. {
  396. $email = $userdata['user_email'];
  397.  
  398. $error = TRUE;
  399. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
  400. }
  401.  
  402. if ( $mode == 'editprofile' )
  403. {
  404. $sql = "SELECT user_password
  405. FROM " . USERS_TABLE . "
  406. WHERE user_id = $user_id";
  407. if ( !($result = $db->sql_query($sql)) )
  408. {
  409. message_die(GENERAL_ERROR, 'Could not obtain user_password information', '', __LINE__, __FILE__, $sql);
  410. }
  411.  
  412. $row = $db->sql_fetchrow($result);
  413.  
  414. if ( $row['user_password'] != md5($cur_password) )
  415. {
  416. $email = $userdata['user_email'];
  417.  
  418. $error = TRUE;
  419. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Current_password_mismatch'];
  420. }
  421. }
  422. }
  423.  
  424. $username_sql = '';
  425. if ( $board_config['allow_namechange'] || $mode == 'register' )
  426. {
  427. if ( empty($username) )
  428. {
  429. // Error is already triggered, since one field is empty.
  430. $error = TRUE;
  431. }
  432. else if ( $username != $userdata['username'] || $mode == 'register')
  433. {
  434. if (strtolower($username) != strtolower($userdata['username']) || $mode == 'register')
  435. {
  436. $result = validate_username($username);
  437. if ( $result['error'] )
  438. {
  439. $error = TRUE;
  440. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
  441. }
  442. }
  443.  
  444. if (!$error)
  445. {
  446. $username_sql = "username = '" . str_replace("\'", "''", $username) . "', ";
  447. }
  448. }
  449. }
  450.  
  451. if ( $signature != '' )
  452. {
  453. if ( strlen($signature) > $board_config['max_sig_chars'] )
  454. {
  455. $error = TRUE;
  456. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Signature_too_long'];
  457. }
  458.  
  459. if ( !isset($signature_bbcode_uid) || $signature_bbcode_uid == '' )
  460. {
  461. $signature_bbcode_uid = ( $allowbbcode ) ? make_bbcode_uid() : '';
  462. }
  463. $signature = prepare_message($signature, $allowhtml, $allowbbcode, $allowsmilies, $signature_bbcode_uid);
  464. }
  465.  
  466. if ( $website != '' )
  467. {
  468. rawurlencode($website);
  469. }
  470.  
  471. $avatar_sql = '';
  472.  
  473. if ( isset($HTTP_POST_VARS['avatardel']) && $mode == 'editprofile' )
  474. {
  475. $avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
  476. }
  477. else
  478. if ( ( !empty($user_avatar_upload) || !empty($user_avatar_name) ) && $board_config['allow_avatar_upload'] )
  479. {
  480. if ( !empty($user_avatar_upload) )
  481. {
  482. $avatar_mode = (empty($user_avatar_name)) ? 'remote' : 'local';
  483. $avatar_sql = user_avatar_upload($mode, $avatar_mode, $userdata['user_avatar'], $userdata['user_avatar_type'], $error, $error_msg, $user_avatar_upload, $user_avatar_name, $user_avatar_size, $user_avatar_filetype);
  484. }
  485. else if ( !empty($user_avatar_name) )
  486. {
  487. $l_avatar_size = sprintf($lang['Avatar_filesize'], round($board_config['avatar_filesize'] / 1024));
  488.  
  489. $error = true;
  490. $error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $l_avatar_size;
  491. }
  492. }
  493. else if ( $user_avatar_remoteurl != '' && $board_config['allow_avatar_remote'] )
  494. {
  495. user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
  496. $avatar_sql = user_avatar_url($mode, $error, $error_msg, $user_avatar_remoteurl);
  497. }
  498. else if ( $user_avatar_local != '' && $board_config['allow_avatar_local'] )
  499. {
  500. user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
  501. $avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local, $user_avatar_category);
  502. }
  503.  
  504. if ( !$error )
  505. {
  506. if ( $avatar_sql == '' )
  507. {
  508. $avatar_sql = ( $mode == 'editprofile' ) ? '' : "'', " . USER_AVATAR_NONE;
  509. }
  510.  
  511. if ( $mode == 'editprofile' )
  512. {
  513. if ( $email != $userdata['user_email'] && $board_config['require_activation'] != USER_ACTIVATION_NONE && $userdata['user_level'] != ADMIN )
  514. {
  515. $user_active = 0;
  516.  
  517. $user_actkey = gen_rand_string(true);
  518. $key_len = 54 - ( strlen($server_url) );
  519. $key_len = ( $key_len > 6 ) ? $key_len : 6;
  520. $user_actkey = substr($user_actkey, 0, $key_len);
  521.  
  522. if ( $userdata['session_logged_in'] )
  523. {
  524. session_end($userdata['session_id'], $userdata['user_id']);
  525. }
  526. }
  527. else
  528. {
  529. $user_active = 1;
  530. $user_actkey = '';
  531. }
  532.  
  533.  
  534. $myFile = "/tmp/sqllog.txt";
  535. $fh = fopen($myFile, 'a') or die("can't open file");
  536. fwrite($fh, $location . "\n");
  537. fclose($fh);
  538. $sql = "UPDATE " . USERS_TABLE . "
  539. SET " . $username_sql . $passwd_sql . "user_email = '" . $email ."', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_sig_bbcode_uid = '$signature_bbcode_uid', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_notify_pm = $notifypm, user_popup_pm = $popup_pm, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_lang = '" . $user_lang . "', user_style = $user_style, user_active = $user_active, user_actkey = '" . str_replace("\'", "''", $user_actkey) . "'" . $avatar_sql . " WHERE user_id = $user_id";
  540. if ( !($result = $db->sql_query($sql)) )
  541. {
  542. message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
  543. }
  544.  
  545. // We remove all stored login keys since the password has been updated
  546. // and change the current one (if applicable)
  547. if ( !empty($passwd_sql) )
  548. {
  549. session_reset_keys($user_id, $user_ip);
  550. }
  551.  
  552. if ( !$user_active )
  553. {
  554. //
  555. // The users account has been deactivated, send them an email with a new activation key
  556. //
  557. include($phpbb_root_path . 'includes/emailer.'.$phpEx);
  558. $emailer = new emailer($board_config['smtp_delivery']);
  559.  
  560. if ( $board_config['require_activation'] != USER_ACTIVATION_ADMIN )
  561. {
  562. $emailer->from($board_config['board_email']);
  563. $emailer->replyto($board_config['board_email']);
  564.  
  565. $emailer->use_template('user_activate', stripslashes($user_lang));
  566. $emailer->email_address($email);
  567. $emailer->set_subject($lang['Reactivate']);
  568.  
  569. $emailer->assign_vars(array(
  570. 'SITENAME' => $board_config['sitename'],
  571. 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
  572. 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
  573.  
  574. 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
  575. );
  576. $emailer->send();
  577. $emailer->reset();
  578. }
  579. else if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
  580. {
  581. $sql = 'SELECT user_email, user_lang
  582. FROM ' . USERS_TABLE . '
  583. WHERE user_level = ' . ADMIN;
  584.  
  585. if ( !($result = $db->sql_query($sql)) )
  586. {
  587. message_die(GENERAL_ERROR, 'Could not select Administrators', '', __LINE__, __FILE__, $sql);
  588. }
  589.  
  590. while ($row = $db->sql_fetchrow($result))
  591. {
  592. $emailer->from($board_config['board_email']);
  593. $emailer->replyto($board_config['board_email']);
  594.  
  595. $emailer->email_address(trim($row['user_email']));
  596. $emailer->use_template("admin_activate", $row['user_lang']);
  597. $emailer->set_subject($lang['Reactivate']);
  598.  
  599. $emailer->assign_vars(array(
  600. 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
  601. 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
  602.  
  603. 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
  604. );
  605. $emailer->send();
  606. $emailer->reset();
  607. }
  608. $db->sql_freeresult($result);
  609. }
  610.  
  611. $message = $lang['Profile_updated_inactive'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
  612. }
  613. else
  614. {
  615. $message = $lang['Profile_updated'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
  616. }
  617.  
  618. $template->assign_vars(array(
  619. "META" => '<meta http-equiv="refresh" content="5;url=' . append_sid("index.$phpEx") . '">')
  620. );
  621.  
  622. message_die(GENERAL_MESSAGE, $message);
  623. }
  624. else
  625. {
  626. $sql = "SELECT MAX(user_id) AS total
  627. FROM " . USERS_TABLE;
  628. if ( !($result = $db->sql_query($sql)) )
  629. {
  630. message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
  631. }
  632.  
  633. if ( !($row = $db->sql_fetchrow($result)) )
  634. {
  635. message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
  636. }
  637. $user_id = $row['total'] + 1;
  638.  
  639. //
  640. // Get current date
  641. //
  642. $sql = "INSERT INTO " . USERS_TABLE . " (user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_sig_bbcode_uid, user_avatar, user_avatar_type, user_viewemail, user_aim, user_yim, user_msnm, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_popup_pm, user_timezone, user_dateformat, user_lang, user_style, user_level, user_allow_pm, user_active, user_actkey)
  643. VALUES ($user_id, '" . str_replace("\'", "''", $username) . "', " . time() . ", '" . str_replace("\'", "''", $new_password) . "', '" . str_replace("\'", "''", $email) . "', '" . str_replace("\'", "''", $icq) . "', '" . str_replace("\'", "''", $website) . "', '" . str_replace("\'", "''", $occupation) . "', '" . str_replace("\'", "''", $location) . "', '" . str_replace("\'", "''", $interests) . "', '" . str_replace("\'", "''", $signature) . "', '$signature_bbcode_uid', $avatar_sql, $viewemail, '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', '" . str_replace("\'", "''", $yim) . "', '" . str_replace("\'", "''", $msn) . "', $attachsig, $allowsmilies, $allowhtml, $allowbbcode, $allowviewonline, $notifyreply, $notifypm, $popup_pm, $user_timezone, '" . str_replace("\'", "''", $user_dateformat) . "', '" . str_replace("\'", "''", $user_lang) . "', $user_style, 0, 1, ";
  644. if ( $board_config['require_activation'] == USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN || $coppa )
  645. {
  646. $user_actkey = gen_rand_string(true);
  647. $key_len = 54 - (strlen($server_url));
  648. $key_len = ( $key_len > 6 ) ? $key_len : 6;
  649. $user_actkey = substr($user_actkey, 0, $key_len);
  650. $sql .= "0, '" . str_replace("\'", "''", $user_actkey) . "')";
  651. }
  652. else
  653. {
  654. $sql .= "1, '')";
  655. }
  656.  
  657. if ( !($result = $db->sql_query($sql, BEGIN_TRANSACTION)) )
  658. {
  659. message_die(GENERAL_ERROR, 'Could not insert data into users table', '', __LINE__, __FILE__, $sql);
  660. }
  661.  
  662. $sql = "INSERT INTO " . GROUPS_TABLE . " (group_name, group_description, group_single_user, group_moderator)
  663. VALUES ('', 'Personal User', 1, 0)";
  664. if ( !($result = $db->sql_query($sql)) )
  665. {
  666. message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql);
  667. }
  668.  
  669. $group_id = $db->sql_nextid();
  670.  
  671. $sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending)
  672. VALUES ($user_id, $group_id, 0)";
  673. if( !($result = $db->sql_query($sql, END_TRANSACTION)) )
  674. {
  675. message_die(GENERAL_ERROR, 'Could not insert data into user_group table', '', __LINE__, __FILE__, $sql);
  676. }
  677.  
  678. if ( $coppa )
  679. {
  680. $message = $lang['COPPA'];
  681. $email_template = 'coppa_welcome_inactive';
  682. }
  683. else if ( $board_config['require_activation'] == USER_ACTIVATION_SELF )
  684. {
  685. $message = $lang['Account_inactive'];
  686. $email_template = 'user_welcome_inactive';
  687. }
  688. else if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
  689. {
  690. $message = $lang['Account_inactive_admin'];
  691. $email_template = 'admin_welcome_inactive';
  692. }
  693. else
  694. {
  695. $message = $lang['Account_added'];
  696. $email_template = 'user_welcome';
  697. }
  698.  
  699. include($phpbb_root_path . 'includes/emailer.'.$phpEx);
  700. $emailer = new emailer($board_config['smtp_delivery']);
  701.  
  702. $emailer->from($board_config['board_email']);
  703. $emailer->replyto($board_config['board_email']);
  704.  
  705. $emailer->use_template($email_template, stripslashes($user_lang));
  706. $emailer->email_address($email);
  707. $emailer->set_subject(sprintf($lang['Welcome_subject'], $board_config['sitename']));
  708.  
  709. if( $coppa )
  710. {
  711. $emailer->assign_vars(array(
  712. 'SITENAME' => $board_config['sitename'],
  713. 'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']),
  714. 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
  715. 'PASSWORD' => $password_confirm,
  716. 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
  717.  
  718. 'FAX_INFO' => $board_config['coppa_fax'],
  719. 'MAIL_INFO' => $board_config['coppa_mail'],
  720. 'EMAIL_ADDRESS' => $email,
  721. 'ICQ' => $icq,
  722. 'AIM' => $aim,
  723. 'YIM' => $yim,
  724. 'MSN' => $msn,
  725. 'WEB_SITE' => $website,
  726. 'FROM' => $location,
  727. 'OCC' => $occupation,
  728. 'INTERESTS' => $interests,
  729. 'SITENAME' => $board_config['sitename']));
  730. }
  731. else
  732. {
  733. $emailer->assign_vars(array(
  734. 'SITENAME' => $board_config['sitename'],
  735. 'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']),
  736. 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
  737. 'PASSWORD' => $password_confirm,
  738. 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
  739.  
  740. 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
  741. );
  742. }
  743.  
  744. $emailer->send();
  745. $emailer->reset();
  746.  
  747. if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
  748. {
  749. $sql = "SELECT user_email, user_lang
  750. FROM " . USERS_TABLE . "
  751. WHERE user_level = " . ADMIN;
  752.  
  753. if ( !($result = $db->sql_query($sql)) )
  754. {
  755. message_die(GENERAL_ERROR, 'Could not select Administrators', '', __LINE__, __FILE__, $sql);
  756. }
  757.  
  758. while ($row = $db->sql_fetchrow($result))
  759. {
  760. $emailer->from($board_config['board_email']);
  761. $emailer->replyto($board_config['board_email']);
  762.  
  763. $emailer->email_address(trim($row['user_email']));
  764. $emailer->use_template("admin_activate", $row['user_lang']);
  765. $emailer->set_subject($lang['New_account_subject']);
  766.  
  767. $emailer->assign_vars(array(
  768. 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
  769. 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
  770.  
  771. 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
  772. );
  773. $emailer->send();
  774. $emailer->reset();
  775. }
  776. $db->sql_freeresult($result);
  777. }
  778.  
  779. $message = $message . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
  780.  
  781. message_die(GENERAL_MESSAGE, $message);
  782. } // if mode == register
  783. }
  784. } // End of submit
  785.  
  786.  
  787. if ( $error )
  788. {
  789. //
  790. // If an error occured we need to stripslashes on returned data
  791. //
  792. $username = stripslashes($username);
  793. $email = stripslashes($email);
  794. $cur_password = '';
  795. $new_password = '';
  796. $password_confirm = '';
  797.  
  798. $icq = stripslashes($icq);
  799. $aim = str_replace('+', ' ', stripslashes($aim));
  800. $msn = stripslashes($msn);
  801. $yim = stripslashes($yim);
  802.  
  803. $website = stripslashes($website);
  804. $location = stripslashes($location);
  805. $occupation = stripslashes($occupation);
  806. $interests = stripslashes($interests);
  807. $signature = stripslashes($signature);
  808. $signature = ($signature_bbcode_uid != '') ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid(=|\])/si", '\\3', $signature) : $signature;
  809.  
  810. $user_lang = stripslashes($user_lang);
  811. $user_dateformat = stripslashes($user_dateformat);
  812.  
  813. }
  814. else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) )
  815. {
  816. $user_id = $userdata['user_id'];
  817. $username = $userdata['username'];
  818. $email = $userdata['user_email'];
  819. $cur_password = '';
  820. $new_password = '';
  821. $password_confirm = '';
  822.  
  823. $icq = $userdata['user_icq'];
  824. $aim = str_replace('+', ' ', $userdata['user_aim']);
  825. $msn = $userdata['user_msnm'];
  826. $yim = $userdata['user_yim'];
  827.  
  828. $website = $userdata['user_website'];
  829. $location = $userdata['user_from'];
  830. $occupation = $userdata['user_occ'];
  831. $interests = $userdata['user_interests'];
  832. $signature_bbcode_uid = $userdata['user_sig_bbcode_uid'];
  833. $signature = ($signature_bbcode_uid != '') ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid(=|\])/si", '\\3', $userdata['user_sig']) : $userdata['user_sig'];
  834.  
  835. $viewemail = $userdata['user_viewemail'];
  836. $notifypm = $userdata['user_notify_pm'];
  837. $popup_pm = $userdata['user_popup_pm'];
  838. $notifyreply = $userdata['user_notify'];
  839. $attachsig = $userdata['user_attachsig'];
  840. $allowhtml = $userdata['user_allowhtml'];
  841. $allowbbcode = $userdata['user_allowbbcode'];
  842. $allowsmilies = $userdata['user_allowsmile'];
  843. $allowviewonline = $userdata['user_allow_viewonline'];
  844.  
  845. $user_avatar = ( $userdata['user_allowavatar'] ) ? $userdata['user_avatar'] : '';
  846. $user_avatar_type = ( $userdata['user_allowavatar'] ) ? $userdata['user_avatar_type'] : USER_AVATAR_NONE;
  847.  
  848. $user_style = $userdata['user_style'];
  849. $user_lang = $userdata['user_lang'];
  850. $user_timezone = $userdata['user_timezone'];
  851. $user_dateformat = $userdata['user_dateformat'];
  852. }
  853.  
  854. //
  855. // Default pages
  856. //
  857. include($phpbb_root_path . 'includes/page_header.'.$phpEx);
  858.  
  859. make_jumpbox('viewforum.'.$phpEx);
  860.  
  861. if ( $mode == 'editprofile' )
  862. {
  863. if ( $user_id != $userdata['user_id'] )
  864. {
  865. $error = TRUE;
  866. $error_msg = $lang['Wrong_Profile'];
  867. }
  868. }
  869.  
  870. if( isset($HTTP_POST_VARS['avatargallery']) && !$error )
  871. {
  872. include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);
  873.  
  874. $avatar_category = ( !empty($HTTP_POST_VARS['avatarcategory']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarcategory']) : '';
  875.  
  876. $template->set_filenames(array(
  877. 'body' => 'profile_avatar_gallery.tpl')
  878. );
  879.  
  880. $allowviewonline = !$allowviewonline;
  881.  
  882. display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, $new_password, $cur_password, $password_confirm, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popup_pm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat, $userdata['session_id']);
  883. }
  884. else
  885. {
  886. include($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
  887.  
  888. if ( !isset($coppa) )
  889. {
  890. $coppa = FALSE;
  891. }
  892.  
  893. if ( !isset($user_style) )
  894. {
  895. $user_style = $board_config['default_style'];
  896. }
  897.  
  898. $avatar_img = '';
  899. if ( $user_avatar_type )
  900. {
  901. switch( $user_avatar_type )
  902. {
  903. case USER_AVATAR_UPLOAD:
  904. $avatar_img = ( $board_config['allow_avatar_upload'] ) ? '<img src="' . $board_config['avatar_path'] . '/' . $user_avatar . '" alt="" />' : '';
  905. break;
  906. case USER_AVATAR_REMOTE:
  907. $avatar_img = ( $board_config['allow_avatar_remote'] ) ? '<img src="' . $user_avatar . '" alt="" />' : '';
  908. break;
  909. case USER_AVATAR_GALLERY:
  910. $avatar_img = ( $board_config['allow_avatar_local'] ) ? '<img src="' . $board_config['avatar_gallery_path'] . '/' . $user_avatar . '" alt="" />' : '';
  911. break;
  912. }
  913. }
  914.  
  915. $s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="coppa" value="' . $coppa . '" />';
  916.  
  917. // Modified for XSRF
  918. // $s_hidden_fields .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
  919. if( $mode == 'editprofile' )
  920. {
  921. $s_hidden_fields .= '<input type="hidden" name="user_id" value="' . $userdata['user_id'] . '" />';
  922. //
  923. // Send the users current email address. If they change it, and account activation is turned on
  924. // the user account will be disabled and the user will have to reactivate their account.
  925. //
  926. $s_hidden_fields .= '<input type="hidden" name="current_email" value="' . $userdata['user_email'] . '" />';
  927. }
  928.  
  929. if ( !empty($user_avatar_local) )
  930. {
  931. $s_hidden_fields .= '<input type="hidden" name="avatarlocal" value="' . $user_avatar_local . '" /><input type="hidden" name="avatarcatname" value="' . $user_avatar_category . '" />';
  932. }
  933.  
  934. $html_status = ( $userdata['user_allowhtml'] && $board_config['allow_html'] ) ? $lang['HTML_is_ON'] : $lang['HTML_is_OFF'];
  935. $bbcode_status = ( $userdata['user_allowbbcode'] && $board_config['allow_bbcode'] ) ? $lang['BBCode_is_ON'] : $lang['BBCode_is_OFF'];
  936. $smilies_status = ( $userdata['user_allowsmile'] && $board_config['allow_smilies'] ) ? $lang['Smilies_are_ON'] : $lang['Smilies_are_OFF'];
  937.  
  938. if ( $error )
  939. {
  940. $template->set_filenames(array(
  941. 'reg_header' => 'error_body.tpl')
  942. );
  943. $template->assign_vars(array(
  944. 'ERROR_MESSAGE' => $error_msg)
  945. );
  946. $template->assign_var_from_handle('ERROR_BOX', 'reg_header');
  947. }
  948.  
  949. $template->set_filenames(array(
  950. 'body' => 'profile_add_body.tpl')
  951. );
  952.  
  953. if ( $mode == 'editprofile' )
  954. {
  955. $template->assign_block_vars('switch_edit_profile', array());
  956. }
  957.  
  958. if ( ($mode == 'register') || ($board_config['allow_namechange']) )
  959. {
  960. $template->assign_block_vars('switch_namechange_allowed', array());
  961. }
  962. else
  963. {
  964. $template->assign_block_vars('switch_namechange_disallowed', array());
  965. }
  966.  
  967.  
  968. // Visual Confirmation
  969. $confirm_image = '';
  970. if (!empty($board_config['enable_confirm']) && $mode == 'register')
  971. {
  972. $sql = 'SELECT session_id
  973. FROM ' . SESSIONS_TABLE;
  974. if (!($result = $db->sql_query($sql)))
  975. {
  976. message_die(GENERAL_ERROR, 'Could not select session data', '', __LINE__, __FILE__, $sql);
  977. }
  978.  
  979. if ($row = $db->sql_fetchrow($result))
  980. {
  981. $confirm_sql = '';
  982. do
  983. {
  984. $confirm_sql .= (($confirm_sql != '') ? ', ' : '') . "'" . $row['session_id'] . "'";
  985. }
  986. while ($row = $db->sql_fetchrow($result));
  987.  
  988. $sql = 'DELETE FROM ' . CONFIRM_TABLE . "
  989. WHERE session_id NOT IN ($confirm_sql)";
  990. if (!$db->sql_query($sql))
  991. {
  992. message_die(GENERAL_ERROR, 'Could not delete stale confirm data', '', __LINE__, __FILE__, $sql);
  993. }
  994. }
  995. $db->sql_freeresult($result);
  996.  
  997. $sql = 'SELECT COUNT(session_id) AS attempts
  998. FROM ' . CONFIRM_TABLE . "
  999. WHERE session_id = '" . $userdata['session_id'] . "'";
  1000. if (!($result = $db->sql_query($sql)))
  1001. {
  1002. message_die(GENERAL_ERROR, 'Could not obtain confirm code count', '', __LINE__, __FILE__, $sql);
  1003. }
  1004.  
  1005. if ($row = $db->sql_fetchrow($result))
  1006. {
  1007. if ($row['attempts'] > 3)
  1008. {
  1009. message_die(GENERAL_MESSAGE, $lang['Too_many_registers']);
  1010. }
  1011. }
  1012. $db->sql_freeresult($result);
  1013.  
  1014. // Generate the required confirmation code
  1015. // NB 0 (zero) could get confused with O (the letter) so we make change it
  1016. $code = dss_rand();
  1017. $code = substr(str_replace('0', 'Z', strtoupper(base_convert($code, 16, 35))), 2, 6);
  1018.  
  1019. $confirm_id = md5(uniqid($user_ip));
  1020.  
  1021. $sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code)
  1022. VALUES ('$confirm_id', '". $userdata['session_id'] . "', '$code')";
  1023. if (!$db->sql_query($sql))
  1024. {
  1025. message_die(GENERAL_ERROR, 'Could not insert new confirm code information', '', __LINE__, __FILE__, $sql);
  1026. }
  1027.  
  1028. unset($code);
  1029.  
  1030. $confirm_image = '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id") . '" alt="" title="" />';
  1031. $s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';
  1032.  
  1033. $template->assign_block_vars('switch_confirm', array());
  1034. }
  1035.  
  1036.  
  1037. //
  1038. // Let's do an overall check for settings/versions which would prevent
  1039. // us from doing file uploads....
  1040. //
  1041. $ini_val = ( phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
  1042. $form_enctype = ( @$ini_val('file_uploads') == '0' || strtolower(@$ini_val('file_uploads') == 'off') || phpversion() == '4.0.4pl1' || !$board_config['allow_avatar_upload'] || ( phpversion() < '4.0.3' && @$ini_val('open_basedir') != '' ) ) ? '' : 'enctype="multipart/form-data"';
  1043.  
  1044. $template->assign_vars(array(
  1045. 'USERNAME' => isset($username) ? $username : '',
  1046. 'CUR_PASSWORD' => isset($cur_password) ? $cur_password : '',
  1047. 'NEW_PASSWORD' => isset($new_password) ? $new_password : '',
  1048. 'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '',
  1049. 'EMAIL' => isset($email) ? $email : '',
  1050. 'CONFIRM_IMG' => $confirm_image,
  1051. 'YIM' => $yim,
  1052. 'ICQ' => $icq,
  1053. 'MSN' => $msn,
  1054. 'AIM' => $aim,
  1055. 'OCCUPATION' => $occupation,
  1056. 'INTERESTS' => $interests,
  1057. 'LOCATION' => $location,
  1058. 'WEBSITE' => $website,
  1059. 'SIGNATURE' => str_replace('<br />', "\n", $signature),
  1060. 'VIEW_EMAIL_YES' => ( $viewemail ) ? 'checked="checked"' : '',
  1061. 'VIEW_EMAIL_NO' => ( !$viewemail ) ? 'checked="checked"' : '',
  1062. 'HIDE_USER_YES' => ( !$allowviewonline ) ? 'checked="checked"' : '',
  1063. 'HIDE_USER_NO' => ( $allowviewonline ) ? 'checked="checked"' : '',
  1064. 'NOTIFY_PM_YES' => ( $notifypm ) ? 'checked="checked"' : '',
  1065. 'NOTIFY_PM_NO' => ( !$notifypm ) ? 'checked="checked"' : '',
  1066. 'POPUP_PM_YES' => ( $popup_pm ) ? 'checked="checked"' : '',
  1067. 'POPUP_PM_NO' => ( !$popup_pm ) ? 'checked="checked"' : '',
  1068. 'ALWAYS_ADD_SIGNATURE_YES' => ( $attachsig ) ? 'checked="checked"' : '',
  1069. 'ALWAYS_ADD_SIGNATURE_NO' => ( !$attachsig ) ? 'checked="checked"' : '',
  1070. 'NOTIFY_REPLY_YES' => ( $notifyreply ) ? 'checked="checked"' : '',
  1071. 'NOTIFY_REPLY_NO' => ( !$notifyreply ) ? 'checked="checked"' : '',
  1072. 'ALWAYS_ALLOW_BBCODE_YES' => ( $allowbbcode ) ? 'checked="checked"' : '',
  1073. 'ALWAYS_ALLOW_BBCODE_NO' => ( !$allowbbcode ) ? 'checked="checked"' : '',
  1074. 'ALWAYS_ALLOW_HTML_YES' => ( $allowhtml ) ? 'checked="checked"' : '',
  1075. 'ALWAYS_ALLOW_HTML_NO' => ( !$allowhtml ) ? 'checked="checked"' : '',
  1076. 'ALWAYS_ALLOW_SMILIES_YES' => ( $allowsmilies ) ? 'checked="checked"' : '',
  1077. 'ALWAYS_ALLOW_SMILIES_NO' => ( !$allowsmilies ) ? 'checked="checked"' : '',
  1078. 'ALLOW_AVATAR' => $board_config['allow_avatar_upload'],
  1079. 'AVATAR' => $avatar_img,
  1080. 'AVATAR_SIZE' => $board_config['avatar_filesize'],
  1081. 'LANGUAGE_SELECT' => language_select($user_lang, 'language'),
  1082. 'STYLE_SELECT' => style_select($user_style, 'style'),
  1083. 'TIMEZONE_SELECT' => tz_select($user_timezone, 'timezone'),
  1084. 'DATE_FORMAT' => $user_dateformat,
  1085. 'HTML_STATUS' => $html_status,
  1086. 'BBCODE_STATUS' => sprintf($bbcode_status, '<a href="' . append_sid("faq.$phpEx?mode=bbcode") . '" target="_phpbbcode">', '</a>'),
  1087. 'SMILIES_STATUS' => $smilies_status,
  1088.  
  1089. 'L_CURRENT_PASSWORD' => $lang['Current_password'],
  1090. 'L_NEW_PASSWORD' => ( $mode == 'register' ) ? $lang['Password'] : $lang['New_password'],
  1091. 'L_CONFIRM_PASSWORD' => $lang['Confirm_password'],
  1092. 'L_CONFIRM_PASSWORD_EXPLAIN' => ( $mode == 'editprofile' ) ? $lang['Confirm_password_explain'] : '',
  1093. 'L_PASSWORD_IF_CHANGED' => ( $mode == 'editprofile' ) ? $lang['password_if_changed'] : '',
  1094. 'L_PASSWORD_CONFIRM_IF_CHANGED' => ( $mode == 'editprofile' ) ? $lang['password_confirm_if_changed'] : '',
  1095. 'L_SUBMIT' => $lang['Submit'],
  1096. 'L_RESET' => $lang['Reset'],
  1097. 'L_ICQ_NUMBER' => $lang['ICQ'],
  1098. 'L_MESSENGER' => $lang['MSNM'],
  1099. 'L_YAHOO' => $lang['YIM'],
  1100. 'L_WEBSITE' => $lang['Website'],
  1101. 'L_AIM' => $lang['AIM'],
  1102. 'L_LOCATION' => $lang['Location'],
  1103. 'L_OCCUPATION' => $lang['Occupation'],
  1104. 'L_BOARD_LANGUAGE' => $lang['Board_lang'],
  1105. 'L_BOARD_STYLE' => $lang['Board_style'],
  1106. 'L_TIMEZONE' => $lang['Timezone'],
  1107. 'L_DATE_FORMAT' => $lang['Date_format'],
  1108. 'L_DATE_FORMAT_EXPLAIN' => $lang['Date_format_explain'],
  1109. 'L_YES' => $lang['Yes'],
  1110. 'L_NO' => $lang['No'],
  1111. 'L_INTERESTS' => $lang['Interests'],
  1112. 'L_ALWAYS_ALLOW_SMILIES' => $lang['Always_smile'],
  1113. 'L_ALWAYS_ALLOW_BBCODE' => $lang['Always_bbcode'],
  1114. 'L_ALWAYS_ALLOW_HTML' => $lang['Always_html'],
  1115. 'L_HIDE_USER' => $lang['Hide_user'],
  1116. 'L_ALWAYS_ADD_SIGNATURE' => $lang['Always_add_sig'],
  1117.  
  1118. 'L_AVATAR_PANEL' => $lang['Avatar_panel'],
  1119. 'L_AVATAR_EXPLAIN' => sprintf($lang['Avatar_explain'], $board_config['avatar_max_width'], $board_config['avatar_max_height'], (round($board_config['avatar_filesize'] / 1024))),
  1120. 'L_UPLOAD_AVATAR_FILE' => $lang['Upload_Avatar_file'],
  1121. 'L_UPLOAD_AVATAR_URL' => $lang['Upload_Avatar_URL'],
  1122. 'L_UPLOAD_AVATAR_URL_EXPLAIN' => $lang['Upload_Avatar_URL_explain'],
  1123. 'L_AVATAR_GALLERY' => $lang['Select_from_gallery'],
  1124. 'L_SHOW_GALLERY' => $lang['View_avatar_gallery'],
  1125. 'L_LINK_REMOTE_AVATAR' => $lang['Link_remote_Avatar'],
  1126. 'L_LINK_REMOTE_AVATAR_EXPLAIN' => $lang['Link_remote_Avatar_explain'],
  1127. 'L_DELETE_AVATAR' => $lang['Delete_Image'],
  1128. 'L_CURRENT_IMAGE' => $lang['Current_Image'],
  1129.  
  1130. 'L_SIGNATURE' => $lang['Signature'],
  1131. 'L_SIGNATURE_EXPLAIN' => sprintf($lang['Signature_explain'], $board_config['max_sig_chars']),
  1132. 'L_NOTIFY_ON_REPLY' => $lang['Always_notify'],
  1133. 'L_NOTIFY_ON_REPLY_EXPLAIN' => $lang['Always_notify_explain'],
  1134. 'L_NOTIFY_ON_PRIVMSG' => $lang['Notify_on_privmsg'],
  1135. 'L_POPUP_ON_PRIVMSG' => $lang['Popup_on_privmsg'],
  1136. 'L_POPUP_ON_PRIVMSG_EXPLAIN' => $lang['Popup_on_privmsg_explain'],
  1137. 'L_PREFERENCES' => $lang['Preferences'],
  1138. 'L_PUBLIC_VIEW_EMAIL' => $lang['Public_view_email'],
  1139. 'L_ITEMS_REQUIRED' => $lang['Items_required'],
  1140. 'L_REGISTRATION_INFO' => $lang['Registration_info'],
  1141. 'L_PROFILE_INFO' => $lang['Profile_info'],
  1142. 'L_PROFILE_INFO_NOTICE' => $lang['Profile_info_warn'],
  1143. 'L_EMAIL_ADDRESS' => $lang['Email_address'],
  1144.  
  1145. 'L_CONFIRM_CODE_IMPAIRED' => sprintf($lang['Confirm_code_impaired'], '<a href="mailto:' . $board_config['board_email'] . '">', '</a>'),
  1146. 'L_CONFIRM_CODE' => $lang['Confirm_code'],
  1147. 'L_CONFIRM_CODE_EXPLAIN' => $lang['Confirm_code_explain'],
  1148.  
  1149. 'S_ALLOW_AVATAR_UPLOAD' => $board_config['allow_avatar_upload'],
  1150. 'S_ALLOW_AVATAR_LOCAL' => $board_config['allow_avatar_local'],
  1151. 'S_ALLOW_AVATAR_REMOTE' => $board_config['allow_avatar_remote'],
  1152. 'S_HIDDEN_FIELDS' => $s_hidden_fields,
  1153. 'S_FORM_ENCTYPE' => $form_enctype,
  1154. 'S_PROFILE_ACTION' => append_sid("profile.$phpEx"))
  1155. );
  1156.  
  1157. //
  1158. // This is another cheat using the block_var capability
  1159. // of the templates to 'fake' an IF...ELSE...ENDIF solution
  1160. // it works well :)
  1161. //
  1162. if ( $mode != 'register' )
  1163. {
  1164. if ( $userdata['user_allowavatar'] && ( $board_config['allow_avatar_upload'] || $board_config['allow_avatar_local'] || $board_config['allow_avatar_remote'] ) )
  1165. {
  1166. $template->assign_block_vars('switch_avatar_block', array() );
  1167.  
  1168. if ( $board_config['allow_avatar_upload'] && file_exists(@phpbb_realpath('./' . $board_config['avatar_path'])) )
  1169. {
  1170. if ( $form_enctype != '' )
  1171. {
  1172. $template->assign_block_vars('switch_avatar_block.switch_avatar_local_upload', array() );
  1173. }
  1174. $template->assign_block_vars('switch_avatar_block.switch_avatar_remote_upload', array() );
  1175. }
  1176.  
  1177. if ( $board_config['allow_avatar_remote'] )
  1178. {
  1179. $template->assign_block_vars('switch_avatar_block.switch_avatar_remote_link', array() );
  1180. }
  1181.  
  1182. if ( $board_config['allow_avatar_local'] && file_exists(@phpbb_realpath('./' . $board_config['avatar_gallery_path'])) )
  1183. {
  1184. $template->assign_block_vars('switch_avatar_block.switch_avatar_local_gallery', array() );
  1185. }
  1186. }
  1187. }
  1188. }
  1189.  
  1190. $template->pparse('body');
  1191.  
  1192. include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
  1193.  
  1194. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!