<?php
# Author: Eduard Laas
# Copyright © 2005 - 2017 SLAED
# License: GNU GPL 3
# Website: slaed.net
if (!defined("FUNC_FILE")) die("Illegal file access");
if ($conf['forum'] == 'ipb1.3.1' OR $conf['forum'] == 'ipb2.0.x' OR $conf['forum'] == 'ipb2.1.x' OR $conf['forum'] == 'ipb2.2.x' OR $conf['forum'] == 'ipb2.3.x') {
include_once("forum/conf_global.php");
$table_prefix = $INFO['sql_tbl_prefix'];
$sql_pass = $INFO['sql_pass'];
$sql_user = $INFO['sql_user'];
function log_in($user_name, $user_password) {
global $db, $conf, $table_prefix;
$user_name = strtolower(str_replace('|', '|', $user_name));
$user_password = md5($user_password);
if ($conf['forum'] == 'ipb2.0.x' OR $conf['forum'] == 'ipb2.1.x' OR $conf['forum'] == 'ipb2.2.x' OR $conf['forum'] == 'ipb2.3.x') {
$db->sql_query("SELECT m.name, m.id, m.member_login_key, m.email, c.converge_pass_salt, c.converge_pass_hash FROM ".$table_prefix."members m LEFT JOIN ".$table_prefix."members_converge c ON (c.converge_id=m.id) WHERE LOWER(name)='".$user_name."'");
} elseif ($conf['forum'] == 'ipb1.3.1') {
$db->sql_query("SELECT name, id, password, email FROM ".$table_prefix."members WHERE LOWER(name)='".$user_name."'");
}
if ($member = $db->sql_fetchrow()) {
if ($conf['forum'] == 'ipb2.1.x' OR $conf['forum'] == 'ipb2.0.x' OR $conf['forum'] == "ipb2.2.x" OR $conf['forum'] == "ipb2.3.x") {
if ($member['converge_pass_hash'] != generate_compiled_passhash( str_replace( "\\\\" , '\\', $member['converge_pass_salt'] ), $user_password)) {
return false;
}
} elseif ($conf['forum'] == 'ipb1.3.1') {
if ($member['password'] != $user_password) {
return false;
}
}
if (!$member['id']) {
return false;
}
$sid = md5(uniqid(microtime()));
if ($conf['forum'] == 'ipb2.1.x' OR $conf['forum'] == 'ipb2.0.x' OR $conf['forum'] == 'ipb2.2.x' OR $conf['forum'] == 'ipb2.3.x') {
$pass_hash_set = $member['member_login_key'];
} elseif ($conf['forum'] == 'ipb1.3.1') {
$pass_hash_set = $user_password;
}
if ($conf['forum'] == 'ipb2.2.x' OR $conf['forum'] == 'ipb2.3.x') stronghold_set_cookie( $member['id'], $member['member_login_key'] );
setcookie("member_id", $member['id'], time() + intval($conf['user_c_t']));
setcookie("pass_hash", $pass_hash_set, time() + intval($conf['user_c_t']));
setcookie("session_id", $sid, time() + intval($conf['user_c_t']));
$db->sql_query("UPDATE ".$table_prefix."members SET ip_address='" . $_SERVER['REMOTE_ADDR'] . "' WHERE id='".$member['id']."'");
$db->sql_query("DELETE FROM ".$table_prefix."sessions WHERE ip_address='" . $_SERVER['REMOTE_ADDR'] . "'");
$id = $member['id'];
$userag = getagent();
$browser = substr($userag, 0, 64);
$ip = substr($_SERVER['REMOTE_ADDR'], 0, 16);
$db->sql_query("INSERT INTO ".$table_prefix."sessions (id, member_name, member_id, running_time, member_group, ip_address, browser, login_type) VALUES ('$sid', '".$member['name']."', '".$member['id']."', '".time()."', '".$member['mgroup']."', '$ip', '$browser', '0')");
} else {
return false;
}
}
function log_out() {
global $db, $table_prefix;
$db->sql_query("UPDATE ".$table_prefix."sessions SET member_name='',member_id='0',login_type='0' WHERE id='".text_filter($_COOKIE['session_id'])."'");
setcookie("member_id", "0");
setcookie("pass_hash", "0");
setcookie("session_id", "-1");
$db->sql_query("UPDATE ".$table_prefix."members SET last_visit='".time()."', last_activity='".time()."' WHERE id='".text_filter($_COOKIE['session_id'])."'");
return true;
}
function new_user($user_name, $user_password, $user_email) {
global $db, $table_prefix, $conf;
$user_password = md5($user_password);
if ($conf['forum'] == "ipb1.3.1") {
$result = $db->sql_query("SELECT id FROM ".$table_prefix."members WHERE LOWER(name)='" . strtolower($user_name) . "' OR email='" . $user_email . "'");
} else {
$result = $db->sql_query("SELECT id FROM ".$table_prefix."members WHERE LOWER(name)='" . strtolower($user_name) . "' OR email='" . $user_email . "' OR LOWER(members_display_name)='".strtolower($user_name)."'");
}
if ($db->sql_numrows($result)) {
return false;
}
if ($conf['forum'] == "ipb2.1.x" OR $conf['forum'] == "ipb2.0.x" OR $conf['forum'] == "ipb2.2.x" OR $conf['forum'] == "ipb2.3.x") {
$salt = generate_password_salt(5);
$member_login_key = generate_auto_log_in_key();
$passhash = generate_compiled_passhash($salt, $user_password);
}
list($last_id) = $db->sql_fetchrow($db->sql_query("SELECT id FROM ".$table_prefix."members ORDER by id DESC LIMIT 1"));
$new_id = $last_id + 1;
$ip = substr($_SERVER['REMOTE_ADDR'], 0, 16);
if ($conf['forum'] == "ipb2.1.x") {
$db->sql_query("INSERT INTO ".$table_prefix."members (id, name, mgroup, email, joined, member_login_key, members_display_name, ip_address) VALUES ('$new_id', '$user_name', '3', '$user_email', '".time()."', '$member_login_key', '$user_name', '$ip')");
} elseif ($conf['forum'] == "ipb2.0.x") {
$db->sql_query("INSERT INTO ".$table_prefix."members (id, name, mgroup, email, joined, member_login_key, ip_address) VALUES ('$new_id', '$user_name', '3', '$user_email', '".time()."', '$member_login_key', '$ip')");
} elseif ($conf['forum'] == "ipb1.3.1") {
$db->sql_query("INSERT INTO ".$table_prefix."members (id, name, password, mgroup, email, avatar, posts, vdirs, joined, ip_address) VALUES ('$new_id', '$user_name', '$user_password','3', '$user_email', 'noavatar', '0', 'in:Inbox|sent:Sent Items','".time()."', '$ip')");
} elseif ($conf['forum'] == "ipb2.2.x" OR $conf['forum'] == 'ipb2.3.x') {
$key_exp = time() + 604800;
$db->sql_query("INSERT INTO ".$table_prefix."members (id, name, mgroup, email, joined, ip_address, language, member_login_key, member_login_key_expire,members_display_name,members_l_display_name,members_l_username) VALUES ('$new_id', '$user_name', '3', '$user_email', '".time()."', '$ip', 'russian', '$member_login_key', '$key_exp', '$user_name', '".strtolower($user_name)."', '".strtolower($user_name)."')");
}
if ($conf['forum'] == "ipb2.1.x" OR $conf['forum'] == "ipb2.0.x" OR $conf['forum'] == "ipb2.2.x" OR $conf['forum'] == 'ipb2.3.x') {
$db->sql_query("INSERT INTO ".$table_prefix."members_converge (converge_id, converge_email, converge_joined, converge_pass_hash, converge_pass_salt) VALUES ('$new_id', '$user_email', '".time()."', '$passhash', '$salt')");
$db->sql_query("INSERT INTO ".$table_prefix."member_extra (id, vdirs) VALUES ('$new_id', 'in:Inbox|sent:Sent Items')");
$result = mysql_fetch_array($db->sql_query("SELECT * FROM ".$table_prefix."cache_store WHERE cs_key='stats'"));
$stats = unserialize($result['cs_value']);
$stats['last_mem_name'] = $user_name;
$stats['mem_count'] = $stats['mem_count']+1;
$stats['last_mem_id'] = $new_id;
$stats = serialize($stats);
$db->sql_query("UPDATE ".$table_prefix."cache_store SET cs_value='$stats' WHERE cs_key='stats'");
} elseif ($conf['forum'] == "ipb1.3.1") {
$db->sql_query("INSERT INTO ".$table_prefix."member_extra (id) VALUES ('$new_id')");
$db->sql_query("UPDATE ".$table_prefix."stats SET MEM_COUNT=MEM_COUNT+1, LAST_MEM_NAME='".$user_name."', LAST_MEM_ID='".$new_id."'");
}
return true;
}
function check_user($user_name, $user_pass) {
global $db, $table_prefix;
$result = $db->sql_query("SELECT a.email, b.converge_pass_hash, b.converge_pass_salt FROM ".$table_prefix."members a LEFT JOIN ".$table_prefix."members_converge b ON (b.converge_id=a.id) WHERE LOWER(a.name)='".strtolower($user_name)."'");
$info = $db->sql_fetchrow($result);
if ($db->sql_numrows($result) == 1) {
$new_passhash = generate_compiled_passhash($info['converge_pass_salt'], md5($user_pass));
if ($new_passhash == $info['converge_pass_hash']) {
new_site_user($user_name, $user_pass, $info['email']);
} else {
return false;
}
} else {
return false;
}
}
function new_pass($user_name, $newpass, $user_email) {
global $db, $table_prefix, $conf;
$result = $db->sql_query("SELECT id FROM ".$table_prefix."members WHERE LOWER(name)='" . strtolower($user_name) . "' AND email='" . $user_email . "'");
if ($db->sql_numrows($result) == 1) {
$info = $db->sql_fetchrow($result);
$salt = generate_password_salt(5);
$new_passhash = generate_compiled_passhash( $salt, md5($newpass) );
if ($conf['forum'] == "ipb1.3.1") {
$db->sql_query("UPDATE ".$table_prefix."members SET password='".md5($newpass)."' WHERE id='".$info['id']."'");
} else {
$db->sql_query("UPDATE ".$table_prefix."members_converge SET converge_pass_hash='$new_passhash', converge_pass_salt='$salt' WHERE converge_id='".$info['id']."'");
}
} else {
return false;
}
}
function generate_compiled_passhash($salt, $md5_once_password) {
return md5( md5( $salt ) . $md5_once_password );
}
function generate_password_salt($len=5) {
$salt = '';
for ( $i = 0; $i < $len; $i++ ) {
$num = rand(33, 126);
if ( $num == '92' ) {
$num = 93;
}
$salt .= chr( $num );
}
return $salt;
}
function generate_auto_log_in_key($len=60) {
$pass = generate_password_salt(60);
return md5($pass);
}
function stronghold_set_cookie( $member_id, $member_log_in_key ) {
global $sql_pass, $sql_user;
$ip_octets = explode(".", $_SERVER["REMOTE_ADDR"] );
$crypt_salt = md5( $sql_pass.$sql_user );
$stronghold = md5( md5( $member_id . "-" . $ip_octets[0] . '-' . $ip_octets[1] . '-' . $member_log_in_key ) . $crypt_salt );
setcookie ("ipb_stronghold", $stronghold,time()+31536000);
return true;
}
} elseif ($conf['forum'] == 'phpbb') {
include_once("forum/config.php");
$result = $db->sql_query("SELECT * FROM ".$table_prefix."config");
while ($row = $db->sql_fetchrow($result)) {
$board_config[$row['config_name']] = $row['config_value'];
}
function log_in($user_name, $user_password) {
global $db, $table_prefix, $board_config;
$result = $db->sql_query("SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try FROM ".$table_prefix."users WHERE username = '".$user_name."'");
if ($row = $db->sql_fetchrow($result)) {
if (md5($user_password) == $row['user_password'] AND $row['user_active'] ) {
$user_ip = encode_ip($_SERVER['REMOTE_ADDR']);
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
$user_id = $row['user_id'];
$current_time = time();
$auto_login_key = dss_rand() . dss_rand();
$db->sql_query("UPDATE ".$table_prefix."sessions_keys SET last_ip = '$user_ip', key_id = '".md5($auto_login_key)."', last_login = $current_time WHERE user_id='".$user_id."'");
$e = @mysql_info();
preg_match("/^\D+(\d+)/", $e, $matches);
if ($matches[1] == 0) $db->sql_query("INSERT INTO ".$table_prefix."sessions_keys (key_id, user_id, last_ip, last_login) VALUES ('".md5($auto_login_key)."', '$user_id', '$user_ip', '$current_time')");
$result = $db->sql_query("UPDATE ".$table_prefix."sessions SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, session_admin = $admin WHERE session_user_id = '".$user_id."' AND session_ip = '$user_ip'");
if (!$result) {
$session_id = md5(dss_rand());
$db->sql_query("INSERT INTO ".$table_prefix."sessions (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin) VALUES ('$session_id', '$user_id', '$current_time', '$current_time', '$user_ip', '0', '1', '0')");
}
$sessiondata['autologinid'] = $auto_login_key;
$sessiondata['userid'] = $user_id;
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
return true;
} else {
return false;
}
} else {
return false;
}
}
function log_out() {
global $db, $table_prefix, $board_config;
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
$session_id = text_filter($_COOKIE[$cookiename."_sid"]);
$autologin_key = unserialize($_COOKIE[$cookiename."_data"]);
$current_time = time();
if ($autologin_key['autologinid'] != "" AND $autologin_key['userid'] != "") {
$autologin_key_hash = md5($autologin_key['autologinid']);
$user_id = $autologin_key['userid'];
$db->sql_query("DELETE FROM ".$table_prefix."sessions_keys WHERE user_id = '$user_id' AND key_id = '$autologin_key_hash'");
}
if ($session_id != "") $db->sql_query("DELETE FROM ".$table_prefix."sessions WHERE session_id = '$session_id'");
setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
return true;
}
function new_user($user_name, $user_password, $user_email) {
global $db, $table_prefix, $board_config;
$user_password = md5($user_password);
$result = $db->sql_query("SELECT user_id FROM ".$table_prefix."users WHERE LOWER(username)='".strtolower($user_name)."' OR user_email='".$user_email."'");
if ($db->sql_numrows($result)) {
return false;
}
list($last_id) = $db->sql_fetchrow($db->sql_query("SELECT user_id FROM ".$table_prefix."users ORDER by user_id DESC LIMIT 1") );
$new_id = $last_id + 1;
$db->sql_query("INSERT INTO ".$table_prefix."users (user_id, username, user_regdate, user_password, user_email, user_active, user_lang) VALUES ('$new_id', '$user_name', '".time()."', '$user_password', '$user_email', '1', 'russian')");
return true;
}
function check_user($user_name, $user_pass) {
global $db, $table_prefix;
$result = $db->sql_query("SELECT user_email FROM ".$table_prefix."users WHERE LOWER(username)='".strtolower($user_name)."' AND user_password='".md5($user_pass)."'");
$info = $db->sql_fetchrow($result);
if ($db->sql_numrows($result) == 1) {
new_site_user($user_name, $user_pass, $info['user_email']);
} else {
return false;
}
}
function new_pass($user_name, $newpass, $user_email) {
global $db, $table_prefix, $conf;
$result = $db->sql_query("SELECT user_id FROM ".$table_prefix."users WHERE LOWER(username)='".strtolower($user_name)."' AND user_email='" . $user_email . "'");
if ($db->sql_numrows($result) == 1) {
$info = $db->sql_fetchrow($result);
$db->sql_query("UPDATE ".$table_prefix."users SET user_password='".md5($newpass)."' WHERE user_id='".$info['user_id']."'");
} else {
return false;
}
}
function dss_rand() {
global $db, $board_config;
$val = $board_config['rand_seed'] . microtime();
$val = md5($val);
$board_config['rand_seed'] = md5($board_config['rand_seed'] . $val . 'a');
return substr($val, 4, 16);
}
function encode_ip($dotquad_ip) {
$ip_sep = explode('.', $dotquad_ip);
return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]);
}
} elseif ($conf['forum'] == "phpbb3") {
# Если у вас другая группа "пользователи", измените.
$user_def_group = "2";
# Функции из phpbb3, отвечающие за генерирование ключей, сессий и паролей
function unique_id() {
$val = $config['rand_seed'].microtime();
$val = md5($val);
$config['rand_seed'] = md5($config['rand_seed'].$val.$extra);
return substr($val, 4, 16);
}
function _hash_crypt_private($password, $setting, &$itoa64) {
$output = '*';
# Check for correct hash
if (substr($setting, 0, 3) != '$H$') return $output;
$count_log2 = strpos($itoa64, $setting[3]);
if ($count_log2 < 7 || $count_log2 > 30) return $output;
$count = 1 << $count_log2;
$salt = substr($setting, 4, 8);
if (strlen($salt) != 8) return $output;
$hash = md5($salt.$password, true);
do {
$hash = md5($hash . $password, true);
}
while (--$count);
$output = substr($setting, 0, 12);
$output .= _hash_encode64($hash, 16, $itoa64);
return $output;
}
function _hash_gensalt_private($input, &$itoa64, $iteration_count_log2 = 6) {
if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) $iteration_count_log2 = 8;
$output = '$H$';
$output .= $itoa64[min($iteration_count_log2 + ((PHP_VERSION >= 5) ? 5 : 3), 30)];
$output .= _hash_encode64($input, 6, $itoa64);
return $output;
}
function _hash_encode64($input, $count, &$itoa64) {
$output = '';
$i = 0;
do {
$value = ord($input[$i++]);
$output .= $itoa64[$value & 0x3f];
if ($i < $count) $value |= ord($input[$i]) << 8;
$output .= $itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count) break;
if ($i < $count) $value |= ord($input[$i]) << 16;
$output .= $itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count) break;
$output .= $itoa64[($value >> 18) & 0x3f];
}
while ($i < $count);
return $output;
}
function phpbb_hash($password) {
$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
$random_state = unique_id();
$random = '';
$count = 6;
if (($fh = @fopen('/dev/urandom', 'rb'))) {
$random = fread($fh, $count);
fclose($fh);
}
if (strlen($random) < $count) {
$random = '';
for ($i = 0; $i < $count; $i += 16) {
$random_state = md5(unique_id() . $random_state);
$random .= pack('H*', md5($random_state));
}
$random = substr($random, 0, $count);
}
$hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);
if (strlen($hash) == 34) return $hash;
return md5($password);
}
function phpbb_check_hash($password, $hash) {
$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
if (strlen($hash) == 34) return (_hash_crypt_private($password, $hash, $itoa64) === $hash) ? true : false;
return (md5($password) === $hash) ? true : false;
}
function get_avatar_filename($avatar_entry) {
global $board_config;
if ($avatar_entry[0] === 'g') {
$avatar_group = true;
$avatar_entry = substr($avatar_entry, 1);
} else {
$avatar_group = false;
}
$ext = substr(strrchr($avatar_entry, '.'), 1);
$avatar_entry = intval($avatar_entry);
return $board_config['avatar_salt'].'_'.(($avatar_group) ? 'g' : '').$avatar_entry.'.'.$ext;
}
# Конец функций phpbb3
include_once("forum/config.php");
$result = $db->sql_query("SELECT * FROM ".$table_prefix."config");
while ($row = $db->sql_fetchrow($result)) {
$board_config[$row['config_name']] = $row['config_value'];
}
function log_in($user_name, $user_password) {
global $db, $table_prefix, $board_config;
$user_name = strtolower(str_replace('|', '|', $user_name));
$result = $db->sql_query("SELECT user_id, username_clean, user_password, user_passchg, user_email, user_type FROM ".$table_prefix."users WHERE username_clean = '".$user_name."'");
$row = $db->sql_fetchrow($result);
if($user_name == $row['username_clean'] && phpbb_check_hash($user_password, $row['user_password'])) {
$expire = time()+60*60*24*365;
$phpbb_key = unique_id(hexdec(substr(md5(unique_id()), 0, 8)));
$phpbb_sid = md5($phpbb_key);
$db->sql_query("INSERT INTO ".$table_prefix."sessions_keys (key_id, user_id, last_ip, last_login) VALUES ('".$phpbb_sid."','".$row['user_id']."','".getenv("REMOTE_ADDR")."','".time()."')");
setcookie($board_config['cookie_name']."_u",$row['user_id'],$expire,"/",$board_config['cookie_domain']);
setcookie($board_config['cookie_name']."_k",$phpbb_key,$expire,"/",$board_config['cookie_domain']);
setcookie($board_config['cookie_name']."_sid",$phpbb_sid,$expire,"/",$board_config['cookie_domain']);
return true;
} else {
return false;
}
}
function log_out() {
global $db, $table_prefix, $board_config;
$phpbb_key = $_COOKIE[$board_config['cookie_name']."_k"];
$phpbb_sid = $_COOKIE[$board_config['cookie_name']."_sid"];
$db->sql_query("DELETE FROM ".$table_prefix."sessions_keys WHERE key_id = '".md5($phpbb_key)."'");
$db->sql_query("DELETE FROM ".$table_prefix."sessions WHERE session_id = '".$phpbb_sid."'");
setcookie($board_config['cookie_name']."_u","1","0","/",$board_config['cookie_domain']);
setcookie($board_config['cookie_name']."_k","","0","/",$board_config['cookie_domain']);
setcookie($board_config['cookie_name']."_sid","","0","/",$board_config['cookie_domain']);
}
function new_user($user_name, $user_password, $user_email) {
global $db, $table_prefix, $board_config, $user_def_group;
$user_name_clean = strtolower(str_replace('|', '|', $user_name));
if(strlen($user_password) != 34){
$phpbb_password = phpbb_hash($user_password);
} else {
$phpbb_password = $user_password;
}
$email_hash = crc32(strtolower($user_email)).strlen($user_email);
$form_salt = unique_id();
$user_ip = getenv("REMOTE_ADDR");
$num_users_new = $board_config['num_users'] + 1;
list($last_id) = $db->sql_fetchrow($db->sql_query("SELECT user_id FROM ".$table_prefix."users ORDER BY user_id DESC LIMIT 1"));
$reg_id = $last_id + 1;
$db->sql_query("INSERT INTO ".$table_prefix."users (user_id, group_id, user_ip, user_regdate, username, username_clean, user_password, user_passchg, user_email, user_email_hash, user_lang, user_dateformat, user_form_salt) VALUES ('".$reg_id."', '".$user_def_group."', '".$user_ip."', '".time()."', '".$user_name."', '".$user_name_clean."', '".$phpbb_password."', '".time()."', '".$user_email."', '".$email_hash."', '".$board_config['default_lang']."', '".$board_config['default_dateformat']."', '".$form_salt."')");
$db->sql_query("INSERT INTO ".$table_prefix."user_group (group_id, user_id, group_leader, user_pending) VALUES ('2', '".$reg_id."', '0', '0')");
$db->sql_query("UPDATE ".$table_prefix."config SET config_value = '".$reg_id."' WHERE config_name = 'newest_user_id'");
$db->sql_query("UPDATE ".$table_prefix."config SET config_value = '".$user_name."' WHERE config_name = 'newest_username'");
$db->sql_query("UPDATE ".$table_prefix."config SET config_value = '".$num_users_new."' WHERE config_name = 'num_users'");
}
function check_user($user_name, $user_pass) {
}
function dss_rand() {
}
function encode_ip($dotquad_ip) {
}
function update_userinfo_fromphpbb($user_name) {
global $db, $table_prefix, $board_config, $prefix;
$user_name = strtolower(str_replace('|', '|', $user_name));
$query = $db->sql_query("SELECT user_avatar, user_website, user_email, user_occ, user_from, user_interests, user_sig, user_allow_viewemail, user_birthday FROM ".$table_prefix."users WHERE username_clean = '".$user_name."'");
list($user_avatar, $user_website, $user_email, $user_occ, $user_from, $user_interests, $user_sig, $user_allow_viewemail, $user_birthday) = $db->sql_fetchrow($query);
$userinfo = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_users WHERE LOWER(user_name) = '".$user_name."'"));
if(!empty($user_avatar)) {
$user_avatar = $user_avatar;
} else {
$user_avatar = "default/00.gif";
}
preg_match("/(..)(.)(..)(.)(....)/", $user_birthday, $user_birthday_ary);
$user_birthday = date("Y-m-d", mktime(0, 0, 0, $user_birthday_ary[3], $user_birthday_ary[1], $user_birthday_ary[5]));
if ($userinfo['user_avatar'] != $user_avatar) $db->sql_query("UPDATE ".$prefix."_users SET user_avatar = '".$user_avatar."' WHERE LOWER(user_name) = '".$user_name."'");
if ($userinfo['user_website'] != $user_website) $db->sql_query("UPDATE ".$prefix."_users SET user_website = '".$user_website."' WHERE LOWER(user_name) = '".$user_name."'");
if ($userinfo['user_email'] != $user_email) $db->sql_query("UPDATE ".$prefix."_users SET user_email = '".$user_email."' WHERE LOWER(user_name) = '".$user_name."'");
if ($userinfo['user_occ'] != $user_occ) $db->sql_query("UPDATE ".$prefix."_users SET user_occ = '".$user_occ."' WHERE LOWER(user_name) = '".$user_name."'");
if ($userinfo['user_from'] != $user_from) $db->sql_query("UPDATE ".$prefix."_users SET user_from = '".$user_from."' WHERE LOWER(user_name) = '".$user_name."'");
if ($userinfo['user_interests'] != $user_interests) $db->sql_query("UPDATE ".$prefix."_users SET user_interests = '".$user_interests."' WHERE LOWER(user_name) = '".$user_name."'");
if ($userinfo['user_sig'] != $user_sig) $db->sql_query("UPDATE ".$prefix."_users SET user_sig = '".$user_sig."' WHERE LOWER(user_name) = '".$user_name."'");
if ($userinfo['user_viewemail'] != $user_allow_viewemail) $db->sql_query("UPDATE ".$prefix."_users SET user_viewemail = '".$user_allow_viewemail."' WHERE LOWER(user_name) = '".$user_name."'");
if ($userinfo['user_birthday'] != $user_birthday) $db->sql_query("UPDATE ".$prefix."_users SET user_birthday = '".$user_birthday."' WHERE LOWER(user_name) = '".$user_name."'");
}
function phpbb_update_pass($user_name, $newpass) {
global $db, $table_prefix, $board_config;
$user_name_clean = strtolower(str_replace('|', '|', $user_name));
$phpbb_password = phpbb_hash($newpass);
$db->sql_query("UPDATE ".$table_prefix."users SET user_password = '".$phpbb_password."', user_passchg = '".time()."' WHERE username_clean = '".$user_name_clean."'");
}
} elseif ($conf['forum'] == 'vb') {
include_once("forum/includes/config.php");
$table_prefix = $config['Database']['tableprefix'];
$fcookieprefix = $config['Misc']['cookieprefix'];
$fcookiesalt = $config['Misc']['cookie_security_hash'];
function log_in($user_name, $user_password) {
global $db, $conf, $table_prefix, $fcookieprefix, $fcookiesalt;
$user_name = strtolower(str_replace('|', '|', $user_name));
$user_password = md5($user_password);
$db->sql_query("SELECT userid, usergroupid, membergroupids, infractiongroupids, username, password, salt FROM ".$table_prefix."user WHERE LOWER(username) = '".$user_name."'");
if ($member = $db->sql_fetchrow()) {
if ($member['password'] != md5($user_password.$member['salt'])) {
return false;
}
$ip = substr($_SERVER['REMOTE_ADDR'], 0, 16);
$userag = getagent();
$session_idhash = md5($userag.$ip);
$scriptpath = $_SERVER['REQUEST_URI'] ? $_SERVER['REQUEST_URI'] : $_ENV['REQUEST_URI'];
$sessionhash = md5(time().$scriptpath.$session_idhash.$ip.mt_rand(1, 1000000));
$browser = substr($userag, 0, 64);
$old_s_id = text_filter($_COOKIE[$fcookieprefix."sessionhash"]);
if ($old_s_id != "") $db->sql_query("DELETE FROM ".$table_prefix."session WHERE sessionhash = '".$old_s_id."'");
$db->sql_query("INSERT INTO ".$table_prefix."session (sessionhash, userid, host, idhash, lastactivity, location, useragent, loggedin) VALUES ('$sessionhash', '".$member['userid']."', '$ip', '$session_idhash', '".time()."', '$scriptpath', '$browser', '1')");
setcookie($fcookieprefix."userid", $member['userid'], time() + intval($conf['user_c_t']));
setcookie($fcookieprefix."password", md5($member['password'].$fcookiesalt), time() + intval($conf['user_c_t']));
setcookie($fcookieprefix."sessionhash", $sessionhash, time() + intval($conf['user_c_t']));
} else {
return false;
}
}
function log_out() {
global $db, $table_prefix, $fcookieprefix;
$db->sql_query("DELETE FROM ".$table_prefix."session WHERE sessionhash='".text_filter($_COOKIE[$fcookieprefix.'sessionhash'])."'");
setcookie($fcookieprefix."userid", "");
setcookie($fcookieprefix."password", "");
setcookie($fcookieprefix."sessionhash", "");
return true;
}
function new_user($user_name, $user_password, $user_email) {
global $db, $table_prefix, $conf;
$user_password = md5($user_password);
$result = $db->sql_query("SELECT userid FROM ".$table_prefix."user WHERE LOWER(username)='" . strtolower($user_name) . "' OR email='" . $user_email . "'");
if ($db->sql_numrows($result)) {
return false;
}
list($last_id) = $db->sql_fetchrow($db->sql_query("SELECT userid FROM ".$table_prefix."user ORDER by userid DESC LIMIT 1") );
$new_id = $last_id + 1;
$ip = substr($_SERVER['REMOTE_ADDR'], 0, 16);
$salt = do_salt();
$pass = md5($user_password.$salt);
$passworddate = date("Y-m-d");
$db->sql_query("INSERT INTO ".$table_prefix."user (userid, usergroupid, username, password, passworddate, email, joindate, lastvisit, lastactivity, ipaddress, salt) VALUES ('$new_id', '2', '$user_name', '$pass', '$passworddate', '$user_email', '".time()."', '".time()."', '".time()."', '$ip', '$salt')");
$db->sql_query("INSERT INTO ".$table_prefix."userfield (userid) VALUES ('$new_id')");
$db->sql_query("INSERT INTO ".$table_prefix."usertextfield (userid) VALUES ('$new_id')");
$result = mysql_fetch_array ($db->sql_query("SELECT * FROM ".$table_prefix."datastore WHERE title='userstats'") );
$stats = unserialize($result['data']);
$stats['newusername'] = $user_name;
$stats['numbermembers'] = $stats['numbermembers']+1;
$stats['activemembers'] = $stats['activemembers']+1;
$stats['newuserid'] = $new_id;
$stats = serialize($stats);
$db->sql_query("UPDATE ".$table_prefix."datastore SET data='$stats' WHERE title='userstats'");
return true;
}
function check_user($user_name, $user_pass) {
global $db, $table_prefix;
$result = $db->sql_query("SELECT password, email, salt FROM ".$table_prefix."user WHERE LOWER(username)='".strtolower($user_name)."'");
$info = $db->sql_fetchrow($result);
if ($db->sql_numrows($result) == 1) {
$new_passhash = md5(md5($user_pass).$info['salt']);
if ($new_passhash == $info['password']) {
new_site_user($user_name, $user_pass, $info['email']);
} else {
return false;
}
} else {
return false;
}
}
function new_pass($user_name, $newpass, $user_email) {
global $db, $table_prefix, $conf;
$result = $db->sql_query("SELECT userid FROM ".$table_prefix."user WHERE LOWER(username)='" . strtolower($user_name) . "' AND email='" . $user_email . "'");
if ($db->sql_numrows($result) == 1) {
$info = $db->sql_fetchrow($result);
$salt = do_salt();
$pass = md5(md5($newpass).$salt);
$passworddate = date("Y-m-d");
$db->sql_query("UPDATE ".$table_prefix."user SET password='".$pass."', passworddate='".$passworddate."', salt='".$salt."' WHERE userid='".$info['userid']."'");
} else {
return false;
}
}
function do_salt($length = 3) {
$salt = '';
for ($i = 0; $i < $length; $i++) {
$salt .= chr(rand(32, 126));
}
return $salt;
}
} elseif ($conf['forum'] == 'smf') {
include_once("forum/Settings.php");
function log_in($user_name, $user_password) {
global $db, $conf, $db_prefix, $cookiename;
$user_name = strtolower($user_name);
$db->sql_query("SELECT passwd, ID_MEMBER, ID_GROUP, lngfile, is_activated, emailAddress, additionalGroups, memberName, passwordSalt FROM ".$db_prefix."members WHERE LOWER(memberName) = '".$user_name."'");
if ($member = $db->sql_fetchrow()) {
if ($member['passwd'] != sha1(strtolower($member['memberName']).un_htmlspecialchars(stripslashes($user_password))) AND $member['passwd'] != md5(md5($user_password).$member['passwordSalt'])) {
return false;
}
$data = serialize(array($member['ID_MEMBER'], sha1($member['passwd'].$member['passwordSalt']), time() + intval($conf['user_c_t']), 0));
setcookie($cookiename, $data, time() + intval($conf['user_c_t']));
} else {
return false;
}
}
function log_out() {
global $db, $db_prefix, $cookiename, $user;
$user_name = htmlspecialchars(substr($user[1], 0, 25));
list($forum_mem_id) = $db->sql_fetchrow($db->sql_query("SELECT ID_MEMBER FROM ".$db_prefix."members WHERE LOWER(memberName)='".strtolower($user_name)."'") );
if ($forum_mem_id) $db->sql_query("DELETE FROM ".$db_prefix."log_online WHERE ID_MEMBER ='$forum_mem_id'");
setcookie($cookiename, false);
return true;
}
function new_user($user_name, $user_password, $user_email) {
global $db, $db_prefix, $conf;
$user_password = md5($user_password);
$result = $db->sql_query("SELECT ID_MEMBER FROM ".$db_prefix."members WHERE LOWER(memberName)='" . strtolower($user_name) . "' OR emailAddress='" . $user_email . "'");
if ($db->sql_numrows($result)) {
return false;
}
list($last_id) = $db->sql_fetchrow($db->sql_query("SELECT ID_MEMBER FROM ".$db_prefix."members ORDER by ID_MEMBER DESC LIMIT 1") );
$new_id = $last_id + 1;
$salt = substr(md5(rand()), 0, 4);
$passwd = md5($user_password.$salt);
$ip = $_SERVER['REMOTE_ADDR'];
$db->sql_query("INSERT INTO ".$db_prefix."members (ID_MEMBER, memberName, emailAddress, passwd, passwordSalt, posts, dateRegistered, memberIP, memberIP2, realName, pm_email_notify, ID_THEME, ID_POST_GROUP) VALUES ('$new_id', '$user_name', '$user_email', '$passwd', '$salt', '0', '".time()."', '$ip', '$ip', '$user_name', '1', '0', '4')");
$db->sql_query("UPDATE ".$db_prefix."settings SET value='".time()."' WHERE variable='memberlist_updated'");
$db->sql_query("UPDATE ".$db_prefix."settings SET value='$new_id' WHERE variable='latestMember'");
$db->sql_query("UPDATE ".$db_prefix."settings SET value=value+1 WHERE variable='totalMembers'");
$db->sql_query("UPDATE ".$db_prefix."settings SET value='$user_name' WHERE variable='latestRealName'");
return true;
}
function check_user($user_name, $user_pass) {
global $db, $db_prefix;
$result = $db->sql_query("SELECT passwd, ID_MEMBER, emailAddress, memberName, passwordSalt FROM ".$db_prefix."members WHERE LOWER(memberName) = '".strtolower($user_name)."'");
$info = $db->sql_fetchrow($result);
if ($db->sql_numrows($result) == 1) {
if ($info['passwd'] == sha1(strtolower($info['memberName']).un_htmlspecialchars(stripslashes($user_pass))) OR $info['passwd'] == md5(md5($user_pass).$info['passwordSalt'])) {
new_site_user($user_name, $user_pass, $info['emailAddress']);
} else {
return false;
}
} else {
die('cad');
return false;
}
}
function new_pass($user_name, $newpass, $user_email) {
global $db, $table_prefix, $conf;
$result = $db->sql_query("SELECT ID_MEMBER FROM ".$table_prefix."members WHERE LOWER(memberName)='" . strtolower($user_name) . "' AND emailAddress='" . $user_email . "'");
if ($db->sql_numrows($result) == 1) {
$info = $db->sql_fetchrow($result);
$salt = substr(md5(rand()), 0, 4);
$passwd = md5(md5($newpass).$salt);
$db->sql_query("UPDATE ".$table_prefix."members SET passwd='".passwd."', passwordSalt='".$salt."' WHERE ID_MEMBER='".$info['ID_MEMBER']."'");
} else {
return false;
}
}
function un_htmlspecialchars($string) {
return strtr($string, array_flip(get_html_translation_table(HTML_SPECIALCHARS, ENT_QUOTES)) + array(''' => '\'', ' ' => ' '));
}
}
function new_site_user($user_name, $user_pass, $user_email) {
global $db, $prefix, $conf;
$user_password = htmlspecialchars(stripslashes(md5($user_pass)));
$user_name = text_filter($user_name);
$user_email = text_filter($user_email);
$result = $db->sql_query("SELECT * FROM ".$prefix."_users WHERE user_name='$user_name' OR user_email='$user_email'");
if ($db->sql_numrows($result)) return false;
$result = $db->sql_query("SELECT * FROM ".$prefix."_users_temp WHERE user_name='$user_name' OR user_email='$user_email'");
if ($db->sql_numrows($result)) return false;
$db->sql_query("INSERT INTO ".$prefix."_users (user_id, user_name, user_email, user_password, user_avatar, user_regdate, user_lang) VALUES (NULL, '$user_name', '$user_email', '$user_password', 'default/00.gif', now(), '".$conf['language']."')");
list($last_id, $user_storynum, $user_blockon, $user_theme) = $db->sql_fetchrow($db->sql_query("SELECT user_id, user_storynum, user_blockon, user_theme FROM ".$prefix."_users ORDER by user_id DESC LIMIT 1") );
setCookies($last_id, $user_name, $user_password, $user_storynum, $user_blockon, $user_theme);
$uip = getip();
$uagent = getagent();
$db->sql_query("DELETE FROM ".$prefix."_session WHERE uname='$uip' AND guest='0'");
$db->sql_query("UPDATE ".$prefix."_users SET user_last_ip='$uip', user_lastvisit=now(), user_agent='$uagent' WHERE user_name='$user_name'");
log_in($user_name,$user_pass);
return true;
}
?>