XMB Open Source Forum Software - PHP Cross Reference |
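<?php
/**
 * eXtreme Message Board
 * XMB 1.9.11
 *
 * Developed And Maintained By The XMB Group
 * Copyright (c) 2001-2010, The XMB Group
 * http://www.xmbforum.com
 *
 * Sponsored By iEntry, Inc.
 * http://www.ientry.com
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 **/

/*
 * member.php handles three actions selected by the "action" query parameter:
 *   coppa   - age-confirmation page shown before registration
 *   reg     - registration form and registration submission
 *   viewpro - public profile page of one member
 *
 * Everything not defined here ($db, $SETTINGS, $lang, postedVar(), error(),
 * template(), ...) comes from outside this file, presumably via header.php.
 *
 * NOTE(review): every page fragment is produced by eval()-ing template text as a
 * PHP double-quoted string. Whoever can edit a template can therefore run PHP, and
 * every variable a template interpolates must already be safe for HTML output.
 * Confirm that template editing is restricted to trusted administrators.
 */

define('X_SCRIPT', 'member.php');

require 'header.php';

loadtemplates(
    'member_coppa',
    'member_reg_rules',
    'member_reg_password',
    'member_reg_avatarurl',
    'member_reg_avatarlist',
    'member_reg',
    'member_reg_optional',
    'member_reg_captcha',
    'member_profile_email',
    'member_profile',
    'misc_feature_not_while_loggedin',
    'misc_feature_notavailable'
);

smcwcache();

eval('$css = "'.template('css').'";');

// First pass over the action: set the navigation title, reject unknown actions.
$action = postedVar('action', '', FALSE, FALSE, FALSE, 'g');
switch($action) {
    case 'reg':
        nav($lang['textregister']);
        break;
    case 'viewpro':
        nav($lang['textviewpro']);
        break;
    case 'coppa':
        nav($lang['textcoppa']);
        break;
    default:
        header('HTTP/1.0 404 Not Found');
        error($lang['textnoaction']);
        break;
}

// Second pass: build $header and $memberpage for the selected action.
switch($action) {
    case 'coppa':
        eval('$header = "'.template('header').'";');
        if ($SETTINGS['regstatus'] == 'off') {
            header('HTTP/1.0 403 Forbidden');
            eval('$memberpage = "'.template('misc_feature_notavailable').'";');
        } elseif (X_MEMBER) {
            eval('$memberpage = "'.template('misc_feature_not_while_loggedin').'";');
        } else {
            if ($SETTINGS['coppa'] != 'on') {
                redirect($full_url.'member.php?action=reg', 0);
            }
            if (onSubmit('coppasubmit')) {
                redirect($full_url.'member.php?action=reg', 0);
            } else {
                eval('$memberpage = "'.template('member_coppa').'";');
            }
        }
        break;

    case 'reg':
        // Housekeeping: drop accounts that registered but never visited within the prune window.
        if ($SETTINGS['pruneusers'] > 0) {
            $prunebefore = $onlinetime - (60 * 60 * 24 * $SETTINGS['pruneusers']);
            $db->query("DELETE FROM ".X_PREFIX."members WHERE lastvisit=0 AND regdate < $prunebefore AND status='Member'");
        }

        // Board-wide limit on registrations in the last 24 hours.
        if ($SETTINGS['maxdayreg'] > 0) {
            $time = $onlinetime - 86400; // subtract 24 hours
            $query = $db->query("SELECT COUNT(uid) FROM ".X_PREFIX."members WHERE regdate > $time");
            if ($db->result($query, 0) > $SETTINGS['maxdayreg']) {
                error($lang['max_regs']);
            }
            $db->free_result($query);
        }

        eval('$header = "'.template('header').'";');

        if ($SETTINGS['regstatus'] == 'off') {
            header('HTTP/1.0 403 Forbidden');
            eval('$memberpage = "'.template('misc_feature_notavailable').'";');
        } elseif (X_MEMBER) {
            eval('$memberpage = "'.template('misc_feature_not_while_loggedin').'";');
        } elseif (noSubmit('regsubmit')) {
            // ---- Nothing submitted yet: show the rules page or the registration form. ----
            if ($SETTINGS['bbrules'] == 'on' && noSubmit('rulesubmit')) {
                $SETTINGS['bbrulestxt'] = nl2br($SETTINGS['bbrulestxt']);
                eval('$memberpage = "'.template('member_reg_rules').'";');
            } else {
                $currdate = gmdate($timecode, $onlinetime+ ($addtime * 3600));
                // NOTE(review): evaluates PHP text taken from the language data; it is only as
                // trustworthy as whoever can install or edit language files.
                eval($lang['evaloffset']);

                $themelist = array();
                $themelist[] = '<select name="thememem">';
                $themelist[] = '<option value="0">'.$lang['textusedefault'].'</option>';
                $query = $db->query("SELECT themeid, name FROM ".X_PREFIX."themes ORDER BY name ASC");
                while($themeinfo = $db->fetch_array($query)) {
                    $themelist[] = '<option value="'.intval($themeinfo['themeid']).'">'.stripslashes($themeinfo['name']).'</option>';
                }
                $themelist[] = '</select>';
                $themelist = implode("\n", $themelist);
                $db->free_result($query);

                $langfileselect = createLangFileSelect($langfile);

                $dayselect = array();
                $dayselect[] = '<select name="day">';
                $dayselect[] = '<option value=""> </option>';
                for($num = 1; $num <= 31; $num++) {
                    $dayselect[] = '<option value="'.$num.'">'.$num.'</option>';
                }
                $dayselect[] = '</select>';
                $dayselect = implode("\n", $dayselect);

                $bbcodeis = ($SETTINGS['sigbbcode'] == 'on') ? $lang['texton'] : $lang['textoff'];
                $htmlis = ($SETTINGS['sightml'] == 'on') ? $lang['texton'] : $lang['textoff'];

                // The password fields are only shown when the password is not e-mailed to the user.
                $pwtd = '';
                if ($SETTINGS['emailcheck'] == 'off') {
                    eval('$pwtd = "'.template('member_reg_password').'";');
                }

                if ($SETTINGS['timeformat'] == 24) {
                    $timeFormat12Checked = '';
                    $timeFormat24Checked = $cheHTML;
                } else {
                    $timeFormat12Checked = $cheHTML;
                    $timeFormat24Checked = '';
                }

                // The template reads $timezone1 .. $timezone33; exactly one of them carries the
                // "selected" markup. Slot 14 ('0.00') is also the fallback for unknown values.
                $tzOffsets = array(
                    1 => '-12.00', '-11.00', '-10.00', '-9.00', '-8.00', '-7.00', '-6.00', '-5.00',
                    '-4.00', '-3.50', '-3.00', '-2.00', '-1.00', '0.00', '1.00', '2.00', '3.00',
                    '3.50', '4.00', '4.50', '5.00', '5.50', '5.75', '6.00', '6.50', '7.00', '8.00',
                    '9.00', '9.50', '10.00', '11.00', '12.00', '13.00'
                );
                for($tzSlot = 1; $tzSlot <= 33; $tzSlot++) {
                    ${'timezone'.$tzSlot} = '';
                }
                $tzSelected = 14;
                foreach($tzOffsets as $tzSlot => $tzOffset) {
                    // Loose comparison on purpose: it matches what a switch() statement does.
                    if ($SETTINGS['def_tz'] == $tzOffset) {
                        $tzSelected = $tzSlot;
                        break;
                    }
                }
                ${'timezone'.$tzSelected} = $selHTML;

                $avatd = '';
                if ($SETTINGS['avastatus'] == 'on') {
                    eval('$avatd = "'.template('member_reg_avatarurl').'";');
                } else if ($SETTINGS['avastatus'] == 'list') {
                    $avatars = array();
                    $avatars[] = '<option value=""/>'.$lang['textnone'].'</option>';
                    $dirHandle = opendir(ROOT.'images/avatars');
                    if ($dirHandle !== false) {
                        // Compare against false explicitly so a file literally named "0" does not end the loop.
                        while(false !== ($avFile = readdir($dirHandle))) {
                            if (is_file(ROOT.'images/avatars/'.$avFile) && $avFile != '.' && $avFile != '..' && $avFile != 'index.html') {
                                $avatars[] = '<option value="./images/avatars/'.$avFile.'" />'.$avFile.'</option>';
                            }
                        }
                        closedir($dirHandle);
                    }
                    $avatars = implode("\n", str_replace('value="'.$member['avatar'].'"', 'value="'.$member['avatar'].'" selected="selected"', $avatars));
                    eval('$avatd = "'.template('member_reg_avatarlist').'";');
                }

                if (empty($dformatorig)) {
                    $dformatorig = $SETTINGS['dateformat'];
                }

                $regoptional = '';
                if ($SETTINGS['regoptional'] == 'on') {
                    eval('$regoptional = "'.template('member_reg_optional').'";');
                }

                $captcharegcheck = '';
                if ($SETTINGS['captcha_status'] == 'on' && $SETTINGS['captcha_reg_status'] == 'on' && !DEBUG) {
                    require ROOT.'include/captcha.inc.php';
                    $Captcha = new Captcha(250, 50);
                    if ($Captcha->bCompatible !== false) {
                        $imghash = $Captcha->GenerateCode();
                        if ($SETTINGS['captcha_code_casesensitive'] == 'off') {
                            $lang['captchacaseon'] = '';
                        }
                        eval('$captcharegcheck = "'.template('member_reg_captcha').'";');
                    }
                }
                eval('$memberpage = "'.template('member_reg').'";');
            }
        } else {
            // ---- Registration form submitted: validate, insert, notify. ----
            // NOTE(review): the checks below rely on error() ending the request; confirm in header.php.
            $username = trim(postedVar('username', '', TRUE, FALSE));

            if (strlen($username) < 3 || strlen($username) > 32) {
                error($lang['username_length_invalid']);
            }

            $nonprinting = '\\x00-\\x1F\\x7F'; //Universal chars that are invalid.
            $specials = '\\]\'<>\\\\|"[,@'; //Other universal chars disallowed by XMB: []'"<>\|,@
            $icharset = strtoupper($charset);
            if (substr($icharset, 0, 8) == 'ISO-8859') {
                if ($icharset == 'ISO-8859-11') {
                    $nonprinting .= '-\\x9F\\xDB-\\xDE\\xFC-\\xFF'; //More chars invalid for the Thai set.
                } else {
                    $nonprinting .= '-\\x9F\\xAD'; //More chars invalid for all ISO 8859 sets except Part 11 (Thai).
                }
            } elseif (substr($icharset, 0, 11) == 'WINDOWS-125') {
                $nonprinting .= '\\xAD'; //More chars invalid for all Windows code pages.
            }

            // Reject the raw name if stripping the forbidden characters would change it. This is
            // also what keeps CR/LF out of the mail headers that carry the raw username below.
            if ($_POST['username'] != preg_replace("#[{$nonprinting}{$specials}]#", '', $_POST['username'])) {
                error($lang['restricted']);
            }

            // NOTE(review): from here on $username is interpolated into SQL, so postedVar()'s
            // default arguments are assumed to escape for the database; verify against postedVar().
            $username = trim(postedVar('username'));

            // One registration per IP address per 24 hours, when enabled.
            if ($SETTINGS['ipreg'] != 'off') {
                $time = $onlinetime-86400;
                $query = $db->query("SELECT uid FROM ".X_PREFIX."members WHERE regip='$onlineip' AND regdate >= $time");
                if ($db->num_rows($query) >= 1) {
                    error($lang['reg_today']);
                }
                $db->free_result($query);
            }

            $email = postedVar('email', 'javascript', TRUE, TRUE, TRUE);
            if ($SETTINGS['doublee'] == 'off' && false !== strpos($email, "@")) {
                $email1 = ", email";
                $email2 = "OR email='$email'";
            } else {
                $email1 = '';
                $email2 = '';
            }

            $query = $db->query("SELECT username$email1 FROM ".X_PREFIX."members WHERE username='$username' $email2");
            if ($member = $db->fetch_array($query)) {
                $db->free_result($query);
                error($lang['alreadyreg']);
            }

            // A name that already authored posts is treated as taken, so nobody can register
            // under the name of a deleted account and inherit its posts.
            $postcount = $db->result($db->query("SELECT COUNT(pid) FROM ".X_PREFIX."posts WHERE author='$username'"), 0);
            if (intval($postcount) > 0) {
                error($lang['alreadyreg']);
            }

            if ($SETTINGS['emailcheck'] == 'on') {
                // The board chooses the password and mails it to the new member.
                // The generator is no longer seeded from microtime(): that seed has at most one
                // million values, which bounded the set of passwords this loop could produce.
                // random_int() is used where the runtime provides it; mt_rand() is the fallback
                // and is not a cryptographic generator.
                $password = '';
                $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz";
                $get = strlen($chars) - 1;
                $useCsprng = function_exists('random_int');
                for($i = 0; $i < 8; $i++) {
                    $password .= $chars[$useCsprng ? random_int(0, $get) : mt_rand(0, $get)];
                }
                $password2 = $password;
            } elseif (!isset($_POST['password'], $_POST['password2']) || !is_string($_POST['password']) || !is_string($_POST['password2'])) {
                // Array-valued fields (password[]=...) are refused along with missing ones.
                error($lang['textpw1']);
            } else {
                $password = $_POST['password'];
                $password2 = $_POST['password2'];
            }

            // Strict comparison: with != two different numeric-looking strings such as
            // "1e3" and "1000" compare equal and the confirmation check would pass.
            if ($password !== $password2) {
                error($lang['pwnomatch']);
            }

            // Check the name and e-mail address against the administrator's restriction list.
            $fail = false;
            $efail = false;
            $query = $db->query("SELECT * FROM ".X_PREFIX."restricted");
            while($restriction = $db->fetch_array($query)) {
                $t_username = $username;
                $t_email = $email;
                if ($restriction['case_sensitivity'] == 0) {
                    $t_username = strtolower($t_username);
                    $t_email = strtolower($t_email);
                    $restriction['name'] = strtolower($restriction['name']);
                }

                if ($restriction['partial'] == 1) {
                    if (strpos($t_username, $restriction['name']) !== false) {
                        $fail = true;
                    }

                    if (strpos($t_email, $restriction['name']) !== false) {
                        $efail = true;
                    }
                } else {
                    if ($t_username == $restriction['name']) {
                        $fail = true;
                    }

                    if ($t_email == $restriction['name']) {
                        $efail = true;
                    }
                }
            }
            $db->free_result($query);

            if ($fail) {
                error($lang['restricted']);
            }

            if ($efail) {
                error($lang['emailrestricted']);
            }

            require ROOT.'include/validate-email.inc.php';
            $test = new EmailAddressValidator();
            $rawemail = postedVar('email', '', FALSE, FALSE);
            if (false === $test->check_email_address($rawemail)) {
                error($lang['bademail']);
            }

            // strpos() returns 0 for a quote in the first position, so the test must be
            // "!== false"; with "!= false" a password starting with a quote was accepted.
            if ($password == '' || strpos($password, '"') !== false || strpos($password, "'") !== false) {
                error($lang['textpw1']);
            }

            if ($username == '') {
                error($lang['textnousername']);
            }

            if ($SETTINGS['captcha_status'] == 'on' && $SETTINGS['captcha_reg_status'] == 'on' && !DEBUG) {
                require ROOT.'include/captcha.inc.php';
                $Captcha = new Captcha(250, 50);
                if ($Captcha->bCompatible !== false) {
                    $imghash = postedVar('imghash', '', FALSE, TRUE);
                    $imgcode = postedVar('imgcode', '', FALSE, FALSE);
                    if ($Captcha->ValidateCode($imgcode, $imghash) !== true) {
                        error($lang['captchaimageinvalid']);
                    }
                }
            }

            // Only a language that exists in lang_base is accepted; anything else falls back to the board default.
            $langfilenew = postedVar('langfilenew');
            $result = $db->query("SELECT devname FROM ".X_PREFIX."lang_base WHERE devname='$langfilenew'");
            if ($db->num_rows($result) == 0) {
                $langfilenew = $SETTINGS['langfile'];
            }

            $query = $db->query("SELECT COUNT(uid) FROM ".X_PREFIX."members");
            $count1 = $db->result($query,0);
            $db->free_result($query);

            // The first account ever created on the board becomes Super Administrator.
            // NOTE(review): the pruning DELETE above only removes status='Member' rows, so the
            // table should not become empty again after setup; confirm that no other path
            // (manual cleanup, restore) can leave a public board with zero members.
            $self['status'] = ($count1 != 0) ? 'Member' : 'Super Administrator';

            $timeoffset1 = isset($_POST['timeoffset1']) && is_numeric($_POST['timeoffset1']) ? $_POST['timeoffset1'] : 0;
            $thememem = formInt('thememem');
            $tpp = formInt('tpp');
            $ppp = formInt('ppp');
            $showemail = formYesNo('showemail');
            $newsletter = formYesNo('newsletter');
            $saveogu2u = formYesNo('saveogu2u');
            $emailonu2u = formYesNo('emailonu2u');
            $useoldu2u = formYesNo('useoldu2u');
            $u2ualert = formInt('u2ualert');
            $year = formInt('year');
            $month = formInt('month');
            $day = formInt('day');
            $bday = iso8601_date($year, $month, $day);

            $dateformatnew = postedVar('dateformatnew', '', FALSE, TRUE);
            $dateformattest = attrOut($dateformatnew, 'javascript');  // NEVER allow attribute-special data in the date format because it can be unescaped using the date() parser.
            if (strlen($dateformatnew) == 0 Or $dateformatnew != $dateformattest) {
                $dateformatnew = $SETTINGS['dateformat'];
            }
            unset($dateformattest);

            $timeformatnew = formInt('timeformatnew');
            if ($timeformatnew != 12 And $timeformatnew != 24) {
                $timeformatnew = $SETTINGS['timeformat'];
            }

            // NOTE(review): unsalted MD5 is not a password hash; a leaked members table can be
            // attacked offline cheaply. It is left unchanged here because the login code that
            // verifies this value is outside this file and must be migrated together with it.
            $password = md5($password);

            if ($SETTINGS['regoptional'] == 'off') {
                $db->query("INSERT INTO ".X_PREFIX."members (username, password, regdate, postnum, email, site, aim, status, location, bio, sig, showemail, timeoffset, icq, avatar, yahoo, customstatus, theme, bday, langfile, tpp, ppp, newsletter, regip, timeformat, msn, ban, dateformat, ignoreu2u, lastvisit, mood, pwdate, invisible, u2ufolders, saveogu2u, emailonu2u, useoldu2u, u2ualert) VALUES ('$username', '$password', ".$db->time($onlinetime).", 0, '$email', '', '', '$self[status]', '', '', '', '$showemail', '$timeoffset1', '', '', '', '', $thememem, '$bday', '$langfilenew', $tpp, $ppp, '$newsletter', '$onlineip', $timeformatnew, '', '', '$dateformatnew', '', 0, '', 0, '0', '', '$saveogu2u', '$emailonu2u', '$useoldu2u', $u2ualert)");
            } else {
                $location = postedVar('location', 'javascript', TRUE, TRUE, TRUE);
                $icq = postedVar('icq', '', FALSE, FALSE);
                $icq = ($icq && is_numeric($icq) && $icq > 0) ? $icq : 0;
                $yahoo = postedVar('yahoo', 'javascript', TRUE, TRUE, TRUE);
                $aim = postedVar('aim', 'javascript', TRUE, TRUE, TRUE);
                $msn = postedVar('msn', 'javascript', TRUE, TRUE, TRUE);
                $site = postedVar('site', 'javascript', TRUE, TRUE, TRUE);
                $bio = postedVar('bio', 'javascript', TRUE, TRUE, TRUE);
                $mood = postedVar('mood', 'javascript', TRUE, TRUE, TRUE);
                $sig = postedVar('sig', 'javascript', ($SETTINGS['sightml']=='off'), TRUE, TRUE);

                if ($SETTINGS['avastatus'] == 'on') {
                    $avatar = postedVar('newavatar', 'javascript', TRUE, TRUE, TRUE);
                    $rawavatar = postedVar('newavatar', '', FALSE, FALSE);

                    $newavatarcheck = postedVar('newavatarcheck');

                    $max_size = explode('x', $SETTINGS['max_avatar_size']);

                    if (preg_match('#^(http|ftp)://[:a-z\\./_\-0-9%~]+(\?[a-z=0-9&_\-;~]*)?$#Smi', $rawavatar) == 0) {
                        $avatar = '';
                    } elseif (ini_get('allow_url_fopen')) {
                        if ($max_size[0] > 0 And $max_size[1] > 0 And strlen($rawavatar) > 0) {
                            // NOTE(review): the server itself fetches a URL supplied by a visitor who
                            // is not logged in; the pattern above allows any host and port,
                            // including internal ones. Consider a host allow-list, an outbound
                            // firewall rule, or skipping the remote size check.
                            $size = @getimagesize($rawavatar);
                            if ($size === FALSE) {
                                $avatar = '';
                            } elseif (($size[0] > $max_size[0] && $max_size[0] > 0) || ($size[1] > $max_size[1] && $max_size[1] > 0)) {
                                error($lang['avatar_too_big'] . $SETTINGS['max_avatar_size'] . 'px');
                            }
                        }
                    } elseif ($newavatarcheck == "no") {
                        $avatar = '';
                    }
                    unset($rawavatar);
                } elseif ($SETTINGS['avastatus'] == 'list') {
                    // The submitted value must name a regular file that is present in images/avatars.
                    $rawavatar = postedVar('newavatar', '', FALSE, FALSE);
                    $filefound = FALSE;
                    $dirHandle = opendir(ROOT.'images/avatars');
                    if ($dirHandle !== false) {
                        while(false !== ($avFile = readdir($dirHandle))) {
                            if ($rawavatar == './images/avatars/'.$avFile) {
                                if (is_file(ROOT.'images/avatars/'.$avFile) && $avFile != '.' && $avFile != '..' && $avFile != 'index.html') {
                                    $filefound = TRUE;
                                }
                            }
                        }
                        closedir($dirHandle);
                    }
                    unset($rawavatar);
                    if ($filefound) {
                        $avatar = postedVar('newavatar', 'javascript', TRUE, TRUE, TRUE);
                    } else {
                        $avatar = '';
                    }
                } else {
                    $avatar = '';
                }

                $db->query("INSERT INTO ".X_PREFIX."members (username, password, regdate, postnum, email, site, aim, status, location, bio, sig, showemail, timeoffset, icq, avatar, yahoo, customstatus, theme, bday, langfile, tpp, ppp, newsletter, regip, timeformat, msn, ban, dateformat, ignoreu2u, lastvisit, mood, pwdate, invisible, u2ufolders, saveogu2u, emailonu2u, useoldu2u, u2ualert) VALUES ('$username', '$password', ".$db->time($onlinetime).", 0, '$email', '$site', '$aim', '$self[status]', '$location', '$bio', '$sig', '$showemail', '$timeoffset1', '$icq', '$avatar', '$yahoo', '', $thememem, '$bday', '$langfilenew', $tpp, $ppp, '$newsletter', '$onlineip', $timeformatnew, '$msn', '', '$dateformatnew', '', 0, '$mood', 0, '0', '', '$saveogu2u', '$emailonu2u', '$useoldu2u', $u2ualert)");
            }

            $lang2 = loadPhrases(array('charset','textnewmember','textnewmember2','textyourpw','textyourpwis','textusername','textpassword'));

            // Tell every Super Administrator about the new account, by U2U or by e-mail.
            if ($SETTINGS['notifyonreg'] != 'off') {
                $mailquery = $db->query("SELECT username, email, langfile FROM ".X_PREFIX."members WHERE status = 'Super Administrator'");
                while($admin = $db->fetch_array($mailquery)) {
                    $translate = $lang2[$admin['langfile']];
                    if ($SETTINGS['notifyonreg'] == 'u2u') {
                        $db->query("INSERT INTO ".X_PREFIX."u2u (u2uid, msgto, msgfrom, type, owner, folder, subject, message, dateline, readstatus, sentstatus) VALUES ('', '$admin[username]', '".$db->escape_var($bbname)."', 'incoming', '$admin[username]', 'Inbox', '$translate[textnewmember]', '$translate[textnewmember2]', '".$onlinetime."', 'no', 'yes')");
                    } else {
                        $rawuser = postedVar('username', '', FALSE, FALSE);
                        $rawbbname = htmlspecialchars_decode($bbname, ENT_NOQUOTES);
                        $headers = array();
                        $headers[] = smtpHeaderFrom($rawbbname, $adminemail);
                        $headers[] = 'X-Mailer: PHP';
                        $headers[] = 'X-AntiAbuse: Board servername - '.$cookiedomain;
                        $headers[] = 'X-AntiAbuse: Username - '.$rawuser;
                        $headers[] = 'Content-Type: text/plain; charset='.$translate['charset'];
                        $headers = implode("\r\n", $headers);

                        // The recipient gets its own variable. Assigning it to $adminemail replaced
                        // the From address used by the next iteration and by the password mail
                        // below, which exposed a Super Administrator's address to the registrant.
                        $notifyto = htmlspecialchars_decode($admin['email'], ENT_QUOTES);
                        altMail($notifyto, $translate['textnewmember'], $translate['textnewmember2']."\n\n$full_url", $headers);
                    }
                }
                $db->free_result($mailquery);
            }

            if ($SETTINGS['emailcheck'] == 'on') {
                // Mail the generated password ($password2 still holds the plain text).
                $translate = $lang2[$langfilenew];
                $username = trim(postedVar('username', '', FALSE, FALSE));
                $rawbbname = htmlspecialchars_decode($bbname, ENT_NOQUOTES);
                $headers = array();
                $headers[] = smtpHeaderFrom($rawbbname, $adminemail);
                $headers[] = 'X-Mailer: PHP';
                $headers[] = 'X-AntiAbuse: Board servername - '.$cookiedomain;
                $headers[] = 'X-AntiAbuse: Username - '.$username;
                $headers[] = 'Content-Type: text/plain; charset='.$translate['charset'];
                $headers = implode("\r\n", $headers);
                altMail($rawemail, '['.$rawbbname.'] '.$translate['textyourpw'], "{$translate['textyourpwis']} \n\n{$translate['textusername']} $username\n{$translate['textpassword']} $password2\n\n$full_url", $headers);
            } else {
                // Log the new member in straight away with a 30-day cookie.
                // NOTE(review): the cookie stores the MD5 password hash itself, so anyone who
                // obtains the cookie or the stored hash can authenticate without knowing the
                // password. Check which cookie flags put_cookie() sets (HttpOnly, Secure).
                $username = trim(postedVar('username', '', TRUE, FALSE));
                $currtime = $onlinetime + (86400*30);
                put_cookie("xmbuser", $username, $currtime, $cookiepath, $cookiedomain);
                put_cookie("xmbpw", $password, $currtime, $cookiepath, $cookiedomain);
            }
            $memberpage = ($SETTINGS['emailcheck'] == 'on') ? "<center><span class=\"mediumtxt \">$lang[emailpw]</span></center>" : "<center><span class=\"mediumtxt \">$lang[regged]</span></center>";

            redirect($full_url, 2, X_REDIRECT_JS);
        }
        break;

    case 'viewpro':
        // ---- Public profile of one member, looked up by the "member" query parameter. ----
        $member = postedVar('member', '', TRUE, FALSE, FALSE, 'g');
        if (strlen($member) < 3 || strlen($member) > 32) {
            header('HTTP/1.0 404 Not Found');
            error($lang['nomember']);
        }

        // NOTE(review): the fourth argument is presumed to switch on database escaping; verify.
        $member = postedVar('member', '', TRUE, TRUE, FALSE, 'g');

        $query = $db->query("SELECT * FROM ".X_PREFIX."members WHERE username='$member'");
        if ($db->num_rows($query) != 1) {
            header('HTTP/1.0 404 Not Found');
            error($lang['nomember']);
        }
        $memberinfo = $db->fetch_array($query);
        $memberinfo['password'] = ''; // never let the stored hash reach a template
        $db->free_result($query);

        if ($memberinfo['status'] == 'Banned') {
            $memberinfo['avatar'] = '';
            $rank = array(
                'title' => 'Banned',
                'posts' => 0,
                'id' => 0,
                'stars' => 0,
                'allowavatars' => 'no',
                'avatarrank' => ''
            );
        } else {
            // NOTE(review): values read back from the members table are placed into SQL here and
            // in the "last post" query below without re-escaping; confirm they are stored in a
            // form that is safe to interpolate.
            if ($memberinfo['status'] == 'Administrator' || $memberinfo['status'] == 'Super Administrator' || $memberinfo['status'] == 'Super Moderator' || $memberinfo['status'] == 'Moderator') {
                $limit = "title = '$memberinfo[status]'";
            } else {
                $limit = "posts <= '$memberinfo[postnum]' AND title != 'Super Administrator' AND title != 'Administrator' AND title != 'Super Moderator' AND title != 'Moderator'";
            }

            $rank = $db->fetch_array($db->query("SELECT * FROM ".X_PREFIX."ranks WHERE $limit ORDER BY posts DESC LIMIT 1"));
        }

        eval('$header = "'.template('header').'";');

        $encodeuser = recodeOut($memberinfo['username']);
        if (X_GUEST) {
            $memberlinks = '';
        } else {
            $memberlinks = " <small>(<a href=\"u2u.php?action=send&username=$encodeuser\" onclick=\"Popup(this.href, 'Window', 700, 450); return false;\">{$lang['textu2u']}</a>) (<a href=\"buddy.php?action=add&buddys=$encodeuser\" onclick=\"Popup(this.href, 'Window', 450, 400); return false;\">{$lang['addtobuddies']}</a>)</small>";
        }

        // Posts per day; accounts younger than one day show the raw post count.
        $daysreg = ($onlinetime - $memberinfo['regdate']) / (24*3600);
        if ($daysreg > 1) {
            $ppd = $memberinfo['postnum'] / $daysreg;
            $ppd = round($ppd, 2);
        } else {
            $ppd = $memberinfo['postnum'];
        }

        $memberinfo['regdate'] = gmdate($dateformat , $memberinfo['regdate'] + ($addtime * 3600) + ($timeoffset * 3600));

        if (strpos($memberinfo['site'], 'http') === false) {
            $memberinfo['site'] = "http://$memberinfo[site]";
        }

        if ($memberinfo['site'] != 'http://') {
            $site = $memberinfo['site'];
        } else {
            $site = '';
        }

        // The address is only put into $email for logged-in viewers, and only when the member opted in.
        if (X_MEMBER && $memberinfo['email'] != '' && $memberinfo['showemail'] == 'yes') {
            $email = $memberinfo['email'];
        } else {
            $email = '';
        }

        $rank['avatarrank'] = trim($rank['avatarrank']);
        $memberinfo['avatar'] = trim($memberinfo['avatar']);

        if ($rank['avatarrank'] != '') {
            $rank['avatarrank'] = '<img src="'.$rank['avatarrank'].'" alt="'.$lang['altavatar'].'" border="0" />';
        }

        if ($memberinfo['avatar'] != '') {
            $memberinfo['avatar'] = '<img src="'.$memberinfo['avatar'].'" alt="'.$lang['altavatar'].'" border="0" />';
        }

        if ($rank['avatarrank'] || $memberinfo['avatar']) {
            if (isset($site) && strlen(trim($site)) > 0) {
                $sitelink = $site;
            } else {
                $sitelink = "about:blank";
            }
        } else {
            $sitelink = "about:blank";
        }

        $showtitle = $rank['title'];
        $stars = str_repeat('<img src="'.$imgdir.'/star.gif" alt="*" border="0" />', $rank['stars']);

        if ($memberinfo['customstatus'] != '') {
            $customstatus = '<br />'.censor($memberinfo['customstatus']);
        } else {
            $customstatus = '';
        }

        if (!($memberinfo['lastvisit'] > 0)) {
            $lastmembervisittext = $lang['textpendinglogin'];
        } else {
            $lastvisitdate = gmdate($dateformat, $memberinfo['lastvisit'] + ($timeoffset * 3600) + ($addtime * 3600));
            $lastvisittime = gmdate($timecode, $memberinfo['lastvisit'] + ($timeoffset * 3600) + ($addtime * 3600));
            $lastmembervisittext = $lastvisitdate.' '.$lang['textat'].' '.$lastvisittime;
        }

        // Share of all board posts written by this member.
        $query = $db->query("SELECT COUNT(pid) FROM ".X_PREFIX."posts");
        $posts = $db->result($query, 0);
        $db->free_result($query);

        $posttot = $posts;
        if ($posttot == 0) {
            $percent = '0';
        } else {
            $percent = $memberinfo['postnum']*100/$posttot;
            $percent = round($percent, 2);
        }

        $memberinfo['bio'] = censor($memberinfo['bio']);
        $memberinfo['bio'] = nl2br($memberinfo['bio']);

        // NOTE(review): unlike $email above, this block depends only on showemail and not on
        // X_MEMBER. Check that the member_profile_email template does not expose the address
        // to guests through $memberinfo['email'].
        $emailblock = '';
        if ($memberinfo['showemail'] == 'yes') {
            eval('$emailblock = "'.template('member_profile_email').'";');
        }

        if (X_SADMIN) {
            $admin_edit = "<br />$lang[adminoption] <a href=\"./editprofile.php?user=$encodeuser\">$lang[admin_edituseraccount]</a>";
        } else {
            $admin_edit = NULL;
        }

        if ($memberinfo['mood'] != '') {
            $memberinfo['mood'] = postify($memberinfo['mood'], 'no', 'no', 'yes', 'no', 'yes', 'no', true, 'yes');
        } else {
            $memberinfo['mood'] = '';
        }

        $memberinfo['location'] = censor($memberinfo['location']);
        $memberinfo['aim'] = censor($memberinfo['aim']);
        $memberinfo['aimrecode'] = recodeOut($memberinfo['aim']);
        $memberinfo['icq'] = ($memberinfo['icq'] > 0) ? $memberinfo['icq'] : '';
        $memberinfo['yahoo'] = censor($memberinfo['yahoo']);
        $memberinfo['yahoorecode'] = recodeOut($memberinfo['yahoo']);
        $memberinfo['msn'] = censor($memberinfo['msn']);
        $memberinfo['msnrecode'] = recodeOut($memberinfo['msn']);

        if ($memberinfo['bday'] === iso8601_date(0,0,0)) {
            $memberinfo['bday'] = $lang['textnone'];
        } else {
            $memberinfo['bday'] = printGmDate(MakeTime(12,0,0,substr($memberinfo['bday'],5,2),substr($memberinfo['bday'],8,2),substr($memberinfo['bday'],0,4)));
        }

        // Forum most active in
        // Only a forum the viewer is allowed to see is reported, so the profile page does not
        // reveal the existence of restricted forums.
        $found = false;
        $query = $db->query("SELECT f.userlist, f.password, f.postperm, f.moderator, f.name, p.fid, COUNT(DISTINCT p.pid) as posts FROM ".X_PREFIX."posts p LEFT JOIN ".X_PREFIX."forums f ON p.fid=f.fid WHERE p.author='$member' AND f.status='on' GROUP BY p.fid ORDER BY posts DESC");
        while($f = $db->fetch_array($query)) {
            $pp = checkForumPermissions($f);
            if ($pp[X_PERMS_VIEW] && $pp[X_PERMS_PASSWORD]) {
                $forum = $f;
                $found = true;
                break;
            }
        }

        if (!$found || $forum['posts'] < 1) {
            $topforum = $lang['textnopostsyet'];
        } else if ($memberinfo['postnum'] <= 0) {
            $topforum = $lang['textnopostsyet'];
        } else {
            $topforum = "<a href=\"./forumdisplay.php?fid=$forum[fid]\">".fnameOut($forum['name'])."</a> ($forum[posts] $lang[memposts]) [".round(($forum['posts']/$memberinfo['postnum'])*100, 1)."% $lang[textoftotposts]]";
        }

        // Last post
        // Same visibility rule: posts in forums the viewer cannot see are skipped.
        $lpfound = false;
        $pq = $db->query("SELECT t.tid, t.subject, p.dateline, p.pid, f.fid, f.postperm, f.password, f.userlist, f.moderator FROM ".X_PREFIX."posts p, ".X_PREFIX."threads t, ".X_PREFIX."forums f WHERE p.fid=f.fid AND p.author='$memberinfo[username]' AND p.tid=t.tid AND f.status='on' ORDER BY p.dateline DESC");
        while($post = $db->fetch_array($pq)) {
            $pp = checkForumPermissions($post);
            if (!($pp[X_PERMS_VIEW] && $pp[X_PERMS_PASSWORD])) {
                continue;
            }
            $lpfound = true;
            $posts = $db->result($db->query("SELECT count(pid) FROM ".X_PREFIX."posts WHERE tid='$post[tid]' AND pid < '$post[pid]'"), 0)+1; // +1 is faster than doing <= !
            validatePpp();

            $page = quickpage($posts, $ppp);

            $lastpostdate = gmdate($dateformat, $post['dateline'] + ($timeoffset * 3600) + ($SETTINGS['addtime'] * 3600));
            $lastposttime = gmdate($timecode, $post['dateline'] + ($timeoffset * 3600) + ($SETTINGS['addtime'] * 3600));

            $lastposttext = $lastpostdate.' '.$lang['textat'].' '.$lastposttime;
            $post['subject'] = rawHTMLsubject(stripslashes($post['subject']));
            $lastpost = "<a href=\"./viewthread.php?tid=$post[tid]&page=$page#pid$post[pid]\">$post[subject]</a> ($lastposttext)";
            break;
        }
        if (!$lpfound) {
            $lastpost = $lang['textnopostsyet'];
        }

        // Guests get no "search this user's posts" text while the search captcha is active.
        if (X_GUEST && $SETTINGS['captcha_status'] == 'on' && $SETTINGS['captcha_search_status'] == 'on' && !DEBUG) {
            $lang['searchusermsg'] = '';
        } else {
            $lang['searchusermsg'] = str_replace('*USER*', recodeOut($memberinfo['username']), $lang['searchusermsg']);
        }
        eval('$memberpage = "'.template('member_profile').'";');
        break;

    default:
        error($lang['textnoaction']);
        break;
}

end_time();
eval('$footer = "'.template('footer').'";');
echo $header, $memberpage, $footer;
?>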