
   1  <?php
   2  /**
   3   * eXtreme Message Board
   4   * XMB 1.9.11
   5   *
   6   * Developed And Maintained By The XMB Group
   7   * Copyright (c) 2001-2012, The XMB Group
   8   * http://www.xmbforum2.com/
   9   *
  10   * This program is free software; you can redistribute it and/or
  11   * modify it under the terms of the GNU General Public License
  12   * as published by the Free Software Foundation; either version 2
  13   * of the License, or (at your option) any later version.
  14   *
  15   * This program is distributed in the hope that it will be useful,
  16   * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18   * GNU General Public License for more details.
  19   *
  20   * You should have received a copy of the GNU General Public License
  21   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22   *
  23   **/
  24  
  25  define('X_SCRIPT', 'member.php');
  26  
  27  require  'header.php';
  28  
  29  loadtemplates(
  30  'member_coppa',
  31  'member_reg_rules',
  32  'member_reg_password',
  33  'member_reg_avatarurl',
  34  'member_reg_avatarlist',
  35  'member_reg',
  36  'member_reg_optional',
  37  'member_reg_captcha',
  38  'member_profile_email',
  39  'member_profile',
  40  'misc_feature_not_while_loggedin',
  41  'misc_feature_notavailable'
  42  );
  43  
  44  smcwcache();
  45  
  46  eval('$css = "'.template('css').'";');
  47  
  48  $action = postedVar('action', '', FALSE, FALSE, FALSE, 'g');
  49  switch($action) {
  50      case 'reg':
  51          nav($lang['textregister']);
  52          break;
  53      case 'viewpro':
  54          nav($lang['textviewpro']);
  55          break;
  56      case 'coppa':
  57          nav($lang['textcoppa']);
  58          break;
  59      default:
  60          header('HTTP/1.0 404 Not Found');
  61          error($lang['textnoaction']);
  62          break;
  63  }
  64  
  65  switch($action) {
  66      case 'coppa':
  67          eval('$header = "'.template('header').'";');
  68          if ($SETTINGS['regstatus'] == 'off') {
  69              header('HTTP/1.0 403 Forbidden');
  70              eval('$memberpage = "'.template('misc_feature_notavailable').'";');
  71          } elseif (X_MEMBER) {
  72              eval('$memberpage = "'.template('misc_feature_not_while_loggedin').'";');
  73          } else {
  74              if ($SETTINGS['coppa'] != 'on') {
  75                  redirect($full_url.'member.php?action=reg', 0);
  76              }
  77              if (onSubmit('coppasubmit')) {
  78                  redirect($full_url.'member.php?action=reg', 0);
  79              } else {
  80                  eval('$memberpage = "'.template('member_coppa').'";');
  81              }
  82          }
  83          break;
  84  
  85      case 'reg':
  86          if ($SETTINGS['pruneusers'] > 0) {
  87              $prunebefore = $onlinetime - (60 * 60 * 24 * $SETTINGS['pruneusers']);
  88              $db->query("DELETE FROM ".X_PREFIX."members WHERE lastvisit=0 AND regdate < $prunebefore AND status='Member'");
  89          }
  90  
  91          if ($SETTINGS['maxdayreg'] > 0) {
  92              $time = $onlinetime - 86400; // subtract 24 hours
  93              $query = $db->query("SELECT COUNT(uid) FROM ".X_PREFIX."members WHERE regdate > $time");
  94              if ($db->result($query, 0) > $SETTINGS['maxdayreg']) {
  95                  error($lang['max_regs']);
  96              }
  97              $db->free_result($query);
  98          }
  99  
 100          eval('$header = "'.template('header').'";');
 101  
 102          if ($SETTINGS['regstatus'] == 'off') {
 103              header('HTTP/1.0 403 Forbidden');
 104              eval('$memberpage = "'.template('misc_feature_notavailable').'";');
 105          } elseif (X_MEMBER) {
 106              eval('$memberpage = "'.template('misc_feature_not_while_loggedin').'";');
 107          } elseif (noSubmit('regsubmit')) {
 108              if ($SETTINGS['bbrules'] == 'on' && noSubmit('rulesubmit')) {
 109                  $SETTINGS['bbrulestxt'] = nl2br($SETTINGS['bbrulestxt']);
 110                  eval('$memberpage = "'.template('member_reg_rules').'";');
 111              } else {
 112                  $currdate = gmdate($timecode, $onlinetime+ ($addtime * 3600));
 113                  eval($lang['evaloffset']);
 114  
 115                  $themelist = array();
 116                  $themelist[] = '<select name="thememem">';
 117                  $themelist[] = '<option value="0">'.$lang['textusedefault'].'</option>';
 118                  $query = $db->query("SELECT themeid, name FROM ".X_PREFIX."themes ORDER BY name ASC");
 119                  while($themeinfo = $db->fetch_array($query)) {
 120                      $themelist[] = '<option value="'.intval($themeinfo['themeid']).'">'.$themeinfo['name'].'</option>';
 121                  }
 122                  $themelist[] = '</select>';
 123                  $themelist = implode("\n", $themelist);
 124                  $db->free_result($query);
 125  
 126                  $langfileselect = createLangFileSelect($langfile);
 127  
 128                  $dayselect = array();
 129                  $dayselect[] = '<select name="day">';
 130                  $dayselect[] = '<option value="">&nbsp;</option>';
 131                  for($num = 1; $num <= 31; $num++) {
 132                      $dayselect[] = '<option value="'.$num.'">'.$num.'</option>';
 133                  }
 134                  $dayselect[] = '</select>';
 135                  $dayselect = implode("\n", $dayselect);
 136  
 137                  if ($SETTINGS['sigbbcode'] == 'on') {
 138                      $bbcodeis = $lang['texton'];
 139                  } else {
 140                      $bbcodeis = $lang['textoff'];
 141                  }
 142  
 143                  if ($SETTINGS['sightml'] == 'on') {
 144                      $htmlis = $lang['texton'];
 145                  } else {
 146                      $htmlis = $lang['textoff'];
 147                  }
 148  
 149                  $pwtd = '';
 150                  if ($SETTINGS['emailcheck'] == 'off') {
 151                      eval('$pwtd = "'.template('member_reg_password').'";');
 152                  }
 153  
 154                  if ($SETTINGS['timeformat'] == 24) {
 155                      $timeFormat12Checked = '';
 156                      $timeFormat24Checked = $cheHTML;
 157                  } else {
 158                      $timeFormat12Checked = $cheHTML;
 159                      $timeFormat24Checked = '';
 160                  }
 161  
 162                  $timezone1 = $timezone2 = $timezone3 = $timezone4 = $timezone5 = $timezone6 = '';
 163                  $timezone7 = $timezone8 = $timezone9 = $timezone10 = $timezone11 = $timezone12 = '';
 164                  $timezone13 = $timezone14 = $timezone15 = $timezone16 = $timezone17 = $timezone18 = '';
 165                  $timezone19 = $timezone20 = $timezone21 = $timezone22 = $timezone23 = $timezone24 = '';
 166                  $timezone25 = $timezone26 = $timezone27 = $timezone28 = $timezone29 = $timezone30 = '';
 167                  $timezone31 = $timezone32 = $timezone33 = '';
 168                  switch($SETTINGS['def_tz']) {
 169                      case '-12.00':
 170                          $timezone1 = $selHTML;
 171                          break;
 172                      case '-11.00':
 173                          $timezone2 = $selHTML;
 174                          break;
 175                      case '-10.00':
 176                          $timezone3 = $selHTML;
 177                          break;
 178                      case '-9.00':
 179                          $timezone4 = $selHTML;
 180                          break;
 181                      case '-8.00':
 182                          $timezone5 = $selHTML;
 183                          break;
 184                      case '-7.00':
 185                          $timezone6 = $selHTML;
 186                          break;
 187                      case '-6.00':
 188                          $timezone7 = $selHTML;
 189                          break;
 190                      case '-5.00':
 191                          $timezone8 = $selHTML;
 192                          break;
 193                      case '-4.00':
 194                          $timezone9 = $selHTML;
 195                          break;
 196                      case '-3.50':
 197                          $timezone10 = $selHTML;
 198                          break;
 199                      case '-3.00':
 200                          $timezone11 = $selHTML;
 201                          break;
 202                      case '-2.00':
 203                          $timezone12 = $selHTML;
 204                          break;
 205                      case '-1.00':
 206                          $timezone13 = $selHTML;
 207                          break;
 208                      case '1.00':
 209                          $timezone15 = $selHTML;
 210                          break;
 211                      case '2.00':
 212                          $timezone16 = $selHTML;
 213                          break;
 214                      case '3.00':
 215                          $timezone17 = $selHTML;
 216                          break;
 217                      case '3.50':
 218                          $timezone18 = $selHTML;
 219                          break;
 220                      case '4.00':
 221                          $timezone19 = $selHTML;
 222                          break;
 223                      case '4.50':
 224                          $timezone20 = $selHTML;
 225                          break;
 226                      case '5.00':
 227                          $timezone21 = $selHTML;
 228                          break;
 229                      case '5.50':
 230                          $timezone22 = $selHTML;
 231                          break;
 232                      case '5.75':
 233                          $timezone23 = $selHTML;
 234                          break;
 235                      case '6.00':
 236                          $timezone24 = $selHTML;
 237                          break;
 238                      case '6.50':
 239                          $timezone25 = $selHTML;
 240                          break;
 241                      case '7.00':
 242                          $timezone26 = $selHTML;
 243                          break;
 244                      case '8.00':
 245                          $timezone27 = $selHTML;
 246                          break;
 247                      case '9.00':
 248                          $timezone28 = $selHTML;
 249                          break;
 250                      case '9.50':
 251                          $timezone29 = $selHTML;
 252                          break;
 253                      case '10.00':
 254                          $timezone30 = $selHTML;
 255                          break;
 256                      case '11.00':
 257                          $timezone31 = $selHTML;
 258                          break;
 259                      case '12.00':
 260                          $timezone32 = $selHTML;
 261                          break;
 262                      case '13.00':
 263                          $timezone33 = $selHTML;
 264                          break;
 265                      case '0.00':
 266                      default:
 267                          $timezone14 = $selHTML;
 268                          break;
 269                  }
 270  
 271                  $avatd = '';
 272                  if ($SETTINGS['avastatus'] == 'on') {
 273                      eval('$avatd = "'.template('member_reg_avatarurl').'";');
 274                  } else if ($SETTINGS['avastatus'] == 'list') {
 275                      $avatars = array();
 276                      $avatars[] = '<option value=""/>'.$lang['textnone'].'</option>';
 277                      $dirHandle = opendir(ROOT.'images/avatars');
 278                      while($avFile = readdir($dirHandle)) {
 279                          if (is_file(ROOT.'images/avatars/'.$avFile) && $avFile != '.' && $avFile != '..' && $avFile != 'index.html') {
 280                              $avatars[] = '<option value="./images/avatars/'.$avFile.'" />'.$avFile.'</option>';
 281                          }
 282                      }
 283                      closedir($dirHandle);
 284                      $avatars = implode("\n", str_replace('value="'.$member['avatar'].'"', 'value="'.$member['avatar'].'" selected="selected"', $avatars));
 285                      eval('$avatd = "'.template('member_reg_avatarlist').'";');
 286                  }
 287  
 288                  if (empty($dformatorig)) {
 289                      $dformatorig = $SETTINGS['dateformat'];
 290                  }
 291  
 292                  $regoptional = '';
 293                  if ($SETTINGS['regoptional'] == 'on') {
 294                      eval('$regoptional = "'.template('member_reg_optional').'";');
 295                  }
 296  
 297                  $captcharegcheck = '';
 298                  if ($SETTINGS['captcha_status'] == 'on' && $SETTINGS['captcha_reg_status'] == 'on') {
 299                      require  ROOT.'include/captcha.inc.php';
 300                      $Captcha = new Captcha();
 301                      if ($Captcha->bCompatible !== false) {
 302                          $imghash = $Captcha->GenerateCode();
 303                          if ($SETTINGS['captcha_code_casesensitive'] == 'off') {
 304                              $lang['captchacaseon'] = '';
 305                          }
 306                          eval('$captcharegcheck = "'.template('member_reg_captcha').'";');
 307                      }
 308                  }
 309                  eval('$memberpage = "'.template('member_reg').'";');
 310              }
 311          } else {
 312              $username = trim(postedVar('username', '', TRUE, FALSE));
 313  
 314              if (strlen($username) < 3 || strlen($username) > 32) {
 315                  error($lang['username_length_invalid']);
 316              }
 317  
 318              $nonprinting = '\\x00-\\x1F\\x7F';  //Universal chars that are invalid.
 319              $specials = '\\]\'<>\\\\|"[,@';  //Other universal chars disallowed by XMB: []'"<>\|,@
 320              $sequences = '|  ';  //Phrases disallowed, each separated by '|'
 321              $icharset = strtoupper($charset);
 322              if (substr($icharset, 0, 8) == 'ISO-8859') {
 323                  if ($icharset == 'ISO-8859-11') {
 324                      $nonprinting .= '-\\x9F\\xDB-\\xDE\\xFC-\\xFF';  //More chars invalid for the Thai set.
 325                  } else {
 326                      $nonprinting .= '-\\x9F\\xAD';  //More chars invalid for all ISO 8859 sets except Part 11 (Thai).
 327                  }
 328              } elseif (substr($icharset, 0, 11) == 'WINDOWS-125') {
 329                  $nonprinting .= '\\xAD';  //More chars invalid for all Windows code pages.
 330              }
 331  
 332              if ($_POST['username'] != preg_replace("#[{$nonprinting}{$specials}]{$sequences}#", '', $_POST['username'])) {
 333                  error($lang['restricted']);
 334              }
 335  
 336              $username = trim(postedVar('username'));
 337  
 338              if ($SETTINGS['ipreg'] != 'off') {
 339                  $time = $onlinetime-86400;
 340                  $query = $db->query("SELECT uid FROM ".X_PREFIX."members WHERE regip='$onlineip' AND regdate >= $time");
 341                  if ($db->num_rows($query) >= 1) {
 342                      error($lang['reg_today']);
 343                  }
 344                  $db->free_result($query);
 345              }
 346  
 347              $email = postedVar('email', 'javascript', TRUE, TRUE, TRUE);
 348              if ($SETTINGS['doublee'] == 'off' && false !== strpos($email, "@")) {
 349                  $email1 = ", email";
 350                  $email2 = "OR email='$email'";
 351              } else {
 352                  $email1 = '';
 353                  $email2 = '';
 354              }
 355  
 356              $query = $db->query("SELECT username$email1 FROM ".X_PREFIX."members WHERE username='$username' $email2");
 357              if ($member = $db->fetch_array($query)) {
 358                  $db->free_result($query);
 359                  error($lang['alreadyreg']);
 360              }
 361  
 362              $postcount = $db->result($db->query("SELECT COUNT(pid) FROM ".X_PREFIX."posts WHERE author='$username'"), 0);
 363              if (intval($postcount) > 0) {
 364                  error($lang['alreadyreg']);
 365              }
 366  
 367              if ($SETTINGS['emailcheck'] == 'on') {
 368                  $password = '';
 369                  $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz";
 370                  mt_srand((double)microtime() * 1000000);
 371                  $get = strlen($chars) - 1;
 372                  for($i = 0; $i < 8; $i++) {
 373                      $password .= $chars[mt_rand(0, $get)];
 374                  }
 375                  $password2 = $password;
 376              } elseif (!isset($_POST['password']) Or !isset($_POST['password2'])) {
 377                  error($lang['textpw1']);
 378              } else {
 379                  $password = $_POST['password'];
 380                  $password2 = $_POST['password2'];
 381              }
 382  
 383              if ($password != $password2) {
 384                  error($lang['pwnomatch']);
 385              }
 386  
 387              $fail = false;
 388              $efail = false;
 389              $query = $db->query("SELECT * FROM ".X_PREFIX."restricted");
 390              while($restriction = $db->fetch_array($query)) {
 391                  $t_username = $username;
 392                  $t_email = $email;
 393                  if ($restriction['case_sensitivity'] == 0) {
 394                      $t_username = strtolower($t_username);
 395                      $t_email = strtolower($t_email);
 396                      $restriction['name'] = strtolower($restriction['name']);
 397                  }
 398  
 399                  if ($restriction['partial'] == 1) {
 400                      if (strpos($t_username, $restriction['name']) !== false) {
 401                          $fail = true;
 402                      }
 403  
 404                      if (strpos($t_email, $restriction['name']) !== false) {
 405                          $efail = true;
 406                      }
 407                  } else {
 408                      if ($t_username == $restriction['name']) {
 409                          $fail = true;
 410                      }
 411  
 412                      if ($t_email == $restriction['name']) {
 413                          $efail = true;
 414                      }
 415                  }
 416              }
 417              $db->free_result($query);
 418  
 419              if ($fail) {
 420                  error($lang['restricted']);
 421              }
 422  
 423              if ($efail) {
 424                  error($lang['emailrestricted']);
 425              }
 426  
 427              require  ROOT.'include/validate-email.inc.php';
 428              $test = new EmailAddressValidator();
 429              $rawemail = postedVar('email', '', FALSE, FALSE);
 430              if (false === $test->check_email_address($rawemail)) {
 431                  error($lang['bademail']);
 432              }
 433  
 434              if ($password == '' || strpos($password, '"') != false || strpos($password, "'") != false) {
 435                  error($lang['textpw1']);
 436              }
 437  
 438              if ($username == '') {
 439                  error($lang['textnousername']);
 440              }
 441  
 442              if ($SETTINGS['captcha_status'] == 'on' && $SETTINGS['captcha_reg_status'] == 'on') {
 443                  require  ROOT.'include/captcha.inc.php';
 444                  $Captcha = new Captcha();
 445                  if ($Captcha->bCompatible !== false) {
 446                      $imghash = postedVar('imghash', '', FALSE, TRUE);
 447                      $imgcode = postedVar('imgcode', '', FALSE, FALSE);
 448                      if ($Captcha->ValidateCode($imgcode, $imghash) !== true) {
 449                          error($lang['captchaimageinvalid']);
 450                      }
 451                  }
 452              }
 453  
 454              $langfilenew = postedVar('langfilenew');
 455              $result = $db->query("SELECT devname FROM ".X_PREFIX."lang_base WHERE devname='$langfilenew'");
 456              if ($db->num_rows($result) == 0) {
 457                  $langfilenew = $SETTINGS['langfile'];
 458              }
 459  
 460              $query = $db->query("SELECT COUNT(uid) FROM ".X_PREFIX."members");
 461              $count1 = $db->result($query,0);
 462              $db->free_result($query);
 463  
 464              $self['status'] = ($count1 != 0) ? 'Member' : 'Super Administrator';
 465  
 466              $timeoffset1 = isset($_POST['timeoffset1']) && is_numeric($_POST['timeoffset1']) ? $_POST['timeoffset1'] : 0;
 467              $thememem = formInt('thememem');
 468              $tpp = formInt('tpp');
 469              $ppp = formInt('ppp');
 470              $showemail = formYesNo('showemail');
 471              $newsletter = formYesNo('newsletter');
 472              $saveogu2u = formYesNo('saveogu2u');
 473              $emailonu2u = formYesNo('emailonu2u');
 474              $useoldu2u = formYesNo('useoldu2u');
 475              $u2ualert = formInt('u2ualert');
 476              $year = formInt('year');
 477              $month = formInt('month');
 478              $day = formInt('day');
 479              $bday = iso8601_date($year, $month, $day);
 480  
 481              $dateformatnew = postedVar('dateformatnew', '', FALSE, TRUE);
 482              $dateformattest = attrOut($dateformatnew, 'javascript');  // NEVER allow attribute-special data in the date format because it can be unescaped using the date() parser.
 483              if (strlen($dateformatnew) == 0 Or $dateformatnew != $dateformattest) {
 484                  $dateformatnew = $SETTINGS['dateformat'];
 485              }
 486              unset($dateformattest);
 487  
 488              $timeformatnew = formInt('timeformatnew');
 489              if ($timeformatnew != 12 And $timeformatnew != 24) {
 490                  $timeformatnew = $SETTINGS['timeformat'];
 491              }
 492  
 493              $password = md5($password);
 494  
 495              if ($SETTINGS['regoptional'] == 'off') {
 496                  $db->query("INSERT INTO ".X_PREFIX."members (username, password, regdate, postnum, email, site, aim, status, location, bio, sig, showemail, timeoffset, icq, avatar, yahoo, customstatus, theme, bday, langfile, tpp, ppp, newsletter, regip, timeformat, msn, ban, dateformat, ignoreu2u, lastvisit, mood, pwdate, invisible, u2ufolders, saveogu2u, emailonu2u, useoldu2u, u2ualert) VALUES ('$username', '$password', ".$db->time($onlinetime).", 0, '$email', '', '', '$self[status]', '', '', '', '$showemail', '$timeoffset1', '', '', '', '', $thememem, '$bday', '$langfilenew', $tpp, $ppp, '$newsletter', '$onlineip', $timeformatnew, '', '', '$dateformatnew', '', 0, '', 0, '0', '', '$saveogu2u', '$emailonu2u', '$useoldu2u', $u2ualert)");
 497              } else {
 498                  $location = postedVar('location', 'javascript', TRUE, TRUE, TRUE);
 499                  $icq = postedVar('icq', '', FALSE, FALSE);
 500                  $icq = ($icq && is_numeric($icq) && $icq > 0) ? $icq : 0;
 501                  $yahoo = postedVar('yahoo', 'javascript', TRUE, TRUE, TRUE);
 502                  $aim = postedVar('aim', 'javascript', TRUE, TRUE, TRUE);
 503                  $msn = postedVar('msn', 'javascript', TRUE, TRUE, TRUE);
 504                  $site = postedVar('site', 'javascript', TRUE, TRUE, TRUE);
 505                  $bio = postedVar('bio', 'javascript', TRUE, TRUE, TRUE);
 506                  $mood = postedVar('mood', 'javascript', TRUE, TRUE, TRUE);
 507                  $sig = postedVar('sig', 'javascript', ($SETTINGS['sightml']=='off'), TRUE, TRUE);
 508  
 509                  if ($SETTINGS['avastatus'] == 'on') {
 510                      $avatar = postedVar('newavatar', 'javascript', TRUE, TRUE, TRUE);
 511                      $rawavatar = postedVar('newavatar', '', FALSE, FALSE);
 512  
 513                      $newavatarcheck = postedVar('newavatarcheck');
 514  
 515                      $max_size = explode('x', $SETTINGS['max_avatar_size']);
 516  
 517                      if (preg_match('#^(http|ftp)://[:a-z\\./_\-0-9%~]+(\?[a-z=0-9&_\-;~]*)?$#Smi', $rawavatar) == 0) {
 518                          $avatar = '';
 519                      } elseif (ini_get('allow_url_fopen')) {
 520                          if ($max_size[0] > 0 And $max_size[1] > 0 And strlen($rawavatar) > 0) {
 521                              $size = @getimagesize($rawavatar);
 522                              if ($size === FALSE) {
 523                                  $avatar = '';
 524                              } elseif (($size[0] > $max_size[0] && $max_size[0] > 0) || ($size[1] > $max_size[1] && $max_size[1] > 0)) {
 525                                  error($lang['avatar_too_big'] . $SETTINGS['max_avatar_size'] . 'px');
 526                              }
 527                          }
 528                      } elseif ($newavatarcheck == "no") {
 529                          $avatar = '';
 530                      }
 531                      unset($rawavatar);
 532                  } elseif ($SETTINGS['avastatus'] == 'list') {
 533                      $rawavatar = postedVar('newavatar', '', FALSE, FALSE);
 534                      $dirHandle = opendir(ROOT.'images/avatars');
 535                      $filefound = FALSE;
 536                      while($avFile = readdir($dirHandle)) {
 537                          if ($rawavatar == './images/avatars/'.$avFile) {
 538                              if (is_file(ROOT.'images/avatars/'.$avFile) && $avFile != '.' && $avFile != '..' && $avFile != 'index.html') {
 539                                  $filefound = TRUE;
 540                              }
 541                          }
 542                      }
 543                      closedir($dirHandle);
 544                      unset($rawavatar);
 545                      if ($filefound) {
 546                          $avatar = postedVar('newavatar', 'javascript', TRUE, TRUE, TRUE);
 547                      } else {
 548                          $avatar = '';
 549                      }
 550                  } else {
 551                      $avatar = '';
 552                  }
 553  
 554                  $db->query("INSERT INTO ".X_PREFIX."members (username, password, regdate, postnum, email, site, aim, status, location, bio, sig, showemail, timeoffset, icq, avatar, yahoo, customstatus, theme, bday, langfile, tpp, ppp, newsletter, regip, timeformat, msn, ban, dateformat, ignoreu2u, lastvisit, mood, pwdate, invisible, u2ufolders, saveogu2u, emailonu2u, useoldu2u, u2ualert) VALUES ('$username', '$password', ".$db->time($onlinetime).", 0, '$email', '$site', '$aim', '$self[status]', '$location', '$bio', '$sig', '$showemail', '$timeoffset1', '$icq', '$avatar', '$yahoo', '', $thememem, '$bday', '$langfilenew', $tpp, $ppp, '$newsletter', '$onlineip', $timeformatnew, '$msn', '', '$dateformatnew', '', 0, '$mood', 0, '0', '', '$saveogu2u', '$emailonu2u', '$useoldu2u', $u2ualert)");
 555              }
 556  
 557              $lang2 = loadPhrases(array('charset','textnewmember','textnewmember2','textyourpw','textyourpwis','textusername','textpassword'));
 558  
 559              if ($SETTINGS['notifyonreg'] != 'off') {
 560                  $mailquery = $db->query("SELECT username, email, langfile FROM ".X_PREFIX."members WHERE status = 'Super Administrator'");
 561                  while($admin = $db->fetch_array($mailquery)) {
 562                      $translate = $lang2[$admin['langfile']];
 563                      if ($SETTINGS['notifyonreg'] == 'u2u') {
 564                          $db->query("INSERT INTO ".X_PREFIX."u2u (u2uid, msgto, msgfrom, type, owner, folder, subject, message, dateline, readstatus, sentstatus) VALUES ('', '$admin[username]', '".$db->escape($bbname)."', 'incoming', '$admin[username]', 'Inbox', '$translate[textnewmember]', '$translate[textnewmember2]', '".$onlinetime."', 'no', 'yes')");
 565                      } else {
 566                          $rawuser = postedVar('username', '', FALSE, FALSE);
 567                          $rawbbname = htmlspecialchars_decode($bbname, ENT_NOQUOTES);
 568                          $headers = array();
 569                          $headers[] = smtpHeaderFrom($rawbbname, $adminemail);
 570                          $headers[] = 'X-Mailer: PHP';
 571                          $headers[] = 'X-AntiAbuse: Board servername - '.$cookiedomain;
 572                          $headers[] = 'X-AntiAbuse: Username - '.$rawuser;
 573                          $headers[] = 'Content-Type: text/plain; charset='.$translate['charset'];
 574                          $headers = implode("\r\n", $headers);
 575  
 576                          $adminemail = htmlspecialchars_decode($admin['email'], ENT_QUOTES);
 577                          altMail($adminemail, $translate['textnewmember'], $translate['textnewmember2']."\n\n$full_url", $headers);
 578                      }
 579                  }
 580                  $db->free_result($mailquery);
 581              }
 582  
 583              if ($SETTINGS['emailcheck'] == 'on') {
 584                  $translate = $lang2[$langfilenew];
 585                  $username = trim(postedVar('username', '', FALSE, FALSE));
 586                  $rawbbname = htmlspecialchars_decode($bbname, ENT_NOQUOTES);
 587                  $headers = array();
 588                  $headers[] = smtpHeaderFrom($rawbbname, $adminemail);
 589                  $headers[] = 'X-Mailer: PHP';
 590                  $headers[] = 'X-AntiAbuse: Board servername - '.$cookiedomain;
 591                  $headers[] = 'X-AntiAbuse: Username - '.$username;
 592                  $headers[] = 'Content-Type: text/plain; charset='.$translate['charset'];
 593                  $headers = implode("\r\n", $headers);
 594                  altMail($rawemail, '['.$rawbbname.'] '.$translate['textyourpw'], "{$translate['textyourpwis']} \n\n{$translate['textusername']} $username\n{$translate['textpassword']} $password2\n\n$full_url", $headers);
 595              } else {
 596                  $username = trim(postedVar('username', '', TRUE, FALSE));
 597                  $currtime = $onlinetime + (86400*30);
 598                  put_cookie("xmbuser", $username, $currtime, $cookiepath, $cookiedomain);
 599                  put_cookie("xmbpw", $password, $currtime, $cookiepath, $cookiedomain);
 600              }
 601              $memberpage = ($SETTINGS['emailcheck'] == 'on') ? "<center><span class=\"mediumtxt \">$lang[emailpw]</span></center>" : "<center><span class=\"mediumtxt \">$lang[regged]</span></center>";
 602  
 603              redirect($full_url);
 604          }
 605          break;
 606  
 607      case 'viewpro':
 608          $member = postedVar('member', '', TRUE, FALSE, FALSE, 'g');
 609          if (strlen($member) < 3 || strlen($member) > 32) {
 610              header('HTTP/1.0 404 Not Found');
 611              error($lang['nomember']);
 612          }
 613  
 614          $member = postedVar('member', '', TRUE, TRUE, FALSE, 'g');
 615  
 616          $query = $db->query("SELECT * FROM ".X_PREFIX."members WHERE username='$member'");
 617          if ($db->num_rows($query) != 1) {
 618              header('HTTP/1.0 404 Not Found');
 619              error($lang['nomember']);
 620          }
 621          $memberinfo = $db->fetch_array($query);
 622          $memberinfo['password'] = '';
 623          $db->free_result($query);
 624  
 625          if ($memberinfo['status'] == 'Banned') {
 626              $memberinfo['avatar'] = '';
 627              $rank = array(
 628              'title' => 'Banned',
 629              'posts' => 0,
 630              'id' => 0,
 631              'stars' => 0,
 632              'allowavatars' => 'no',
 633              'avatarrank' => ''
 634              );
 635          } else {
 636              if ($memberinfo['status'] == 'Administrator' || $memberinfo['status'] == 'Super Administrator' || $memberinfo['status'] == 'Super Moderator' || $memberinfo['status'] == 'Moderator') {
 637                  $limit = "title = '$memberinfo[status]'";
 638              } else {
 639                  $limit = "posts <= '$memberinfo[postnum]' AND title != 'Super Administrator' AND title != 'Administrator' AND title != 'Super Moderator' AND title != 'Moderator'";
 640              }
 641  
 642              $rank = $db->fetch_array($db->query("SELECT * FROM ".X_PREFIX."ranks WHERE $limit ORDER BY posts DESC LIMIT 1"));
 643          }
 644  
 645          eval('$header = "'.template('header').'";');
 646  
 647          $encodeuser = recodeOut($memberinfo['username']);
 648          if (X_GUEST) {
 649              $memberlinks = '';
 650          } else {
 651              $memberlinks = " <small>(<a href=\"u2u.php?action=send&amp;username=$encodeuser\" onclick=\"Popup(this.href, 'Window', 700, 450); return false;\">{$lang['textu2u']}</a>)&nbsp;&nbsp;(<a href=\"buddy.php?action=add&amp;buddys=$encodeuser\" onclick=\"Popup(this.href, 'Window', 450, 400); return false;\">{$lang['addtobuddies']}</a>)</small>";
 652          }
 653  
 654          $daysreg = ($onlinetime - $memberinfo['regdate']) / (24*3600);
 655          if ($daysreg > 1) {
 656              $ppd = $memberinfo['postnum'] / $daysreg;
 657              $ppd = round($ppd, 2);
 658          } else {
 659              $ppd = $memberinfo['postnum'];
 660          }
 661  
 662          $memberinfo['regdate'] = gmdate($dateformat , $memberinfo['regdate'] + ($addtime * 3600) + ($timeoffset * 3600));
 663  
 664          if (strpos($memberinfo['site'], 'http') === false) {
 665              $memberinfo['site'] = "http://$memberinfo[site]";
 666          }
 667  
 668          if ($memberinfo['site'] != 'http://') {
 669              $site = $memberinfo['site'];
 670          } else {
 671              $site = '';
 672          }
 673  
 674          if (X_MEMBER && $memberinfo['email'] != '' && $memberinfo['showemail'] == 'yes') {
 675              $email = $memberinfo['email'];
 676          } else {
 677              $email = '';
 678          }
 679  
 680          $rank['avatarrank'] = trim($rank['avatarrank']);
 681          $memberinfo['avatar'] = trim($memberinfo['avatar']);
 682  
 683          if ($rank['avatarrank'] != '') {
 684              $rank['avatarrank'] = '<img src="'.$rank['avatarrank'].'" alt="'.$lang['altavatar'].'" border="0" />';
 685          }
 686  
 687          if ($memberinfo['avatar'] != '') {
 688              $memberinfo['avatar'] = '<img src="'.$memberinfo['avatar'].'" alt="'.$lang['altavatar'].'" border="0" />';
 689          }
 690  
 691          if ($rank['avatarrank'] || $memberinfo['avatar']) {
 692              if (isset($site) && strlen(trim($site)) > 0) {
 693                  $sitelink = $site;
 694              } else {
 695                  $sitelink = "about:blank";
 696              }
 697          } else {
 698              $sitelink = "about:blank";
 699          }
 700  
 701          $showtitle = $rank['title'];
 702          $stars = str_repeat('<img src="'.$imgdir.'/star.gif" alt="*" border="0" />', $rank['stars']);
 703  
 704          if ($memberinfo['customstatus'] != '') {
 705              $showtitle = $rank['title'];
 706              $customstatus = '<br />'.censor($memberinfo['customstatus']);
 707          } else {
 708              $showtitle = $rank['title'];
 709              $customstatus = '';
 710          }
 711  
 712          if (!($memberinfo['lastvisit'] > 0)) {
 713              $lastmembervisittext = $lang['textpendinglogin'];
 714          } else {
 715              $lastvisitdate = gmdate($dateformat, $memberinfo['lastvisit'] + ($timeoffset * 3600) + ($addtime * 3600));
 716              $lastvisittime = gmdate($timecode, $memberinfo['lastvisit'] + ($timeoffset * 3600) + ($addtime * 3600));
 717              $lastmembervisittext = $lastvisitdate.' '.$lang['textat'].' '.$lastvisittime;
 718          }
 719  
 720          $query = $db->query("SELECT COUNT(pid) FROM ".X_PREFIX."posts");
 721          $posts = $db->result($query, 0);
 722          $db->free_result($query);
 723  
 724          $posttot = $posts;
 725          if ($posttot == 0) {
 726              $percent = '0';
 727          } else {
 728              $percent = $memberinfo['postnum']*100/$posttot;
 729              $percent = round($percent, 2);
 730          }
 731  
 732          $memberinfo['bio'] = nl2br(rawHTMLsubject($memberinfo['bio']));
 733  
 734          $emailblock = '';
 735          if ($memberinfo['showemail'] == 'yes') {
 736              eval('$emailblock = "'.template('member_profile_email').'";');
 737          }
 738  
 739          if (X_SADMIN) {
 740              $admin_edit = "<br />$lang[adminoption] <a href=\"./editprofile.php?user=$encodeuser\">$lang[admin_edituseraccount]</a>";
 741          } else {
 742              $admin_edit = NULL;
 743          }
 744  
 745          if ($memberinfo['mood'] != '') {
 746              $memberinfo['mood'] = postify($memberinfo['mood'], 'no', 'no', 'yes', 'no', 'yes', 'no', true, 'yes');
 747          } else {
 748              $memberinfo['mood'] = '';
 749          }
 750  
 751          $memberinfo['location'] = rawHTMLsubject($memberinfo['location']);
 752          $memberinfo['aim'] = censor($memberinfo['aim']);
 753          $memberinfo['aimrecode'] = recodeOut($memberinfo['aim']);
 754          $memberinfo['icq'] = ($memberinfo['icq'] > 0) ? $memberinfo['icq'] : '';
 755          $memberinfo['yahoo'] = censor($memberinfo['yahoo']);
 756          $memberinfo['yahoorecode'] = recodeOut($memberinfo['yahoo']);
 757          $memberinfo['msn'] = censor($memberinfo['msn']);
 758          $memberinfo['msnrecode'] = recodeOut($memberinfo['msn']);
 759  
 760          if ($memberinfo['bday'] === iso8601_date(0,0,0)) {
 761              $memberinfo['bday'] = $lang['textnone'];
 762          } else {
 763              $memberinfo['bday'] = printGmDate(MakeTime(12,0,0,substr($memberinfo['bday'],5,2),substr($memberinfo['bday'],8,2),substr($memberinfo['bday'],0,4)), $dateformat, -$timeoffset);
 764          }
 765  
 766          // Forum most active in
 767          $fids = permittedForums(forumCache(), 'thread', 'csv');
 768          if (strlen($fids) > 0) {
 769              $query = $db->query(
 770                  "SELECT fid, COUNT(*) AS posts
 771                   FROM ".X_PREFIX."posts
 772                   WHERE author='$member' AND fid IN ($fids)
 773                   GROUP BY fid
 774                   HAVING COUNT(*) > 0
 775                   ORDER BY COUNT(*) DESC
 776                   LIMIT 1"
 777              );
 778              $found = ($db->num_rows($query) == 1);
 779          } else {
 780              $found = FALSE;
 781          }
 782  
 783          if ($found) {
 784              $row = $db->fetch_array($query);
 785              $posts = $row['posts'];
 786              $forum = getForum($row['fid']);
 787              $topforum = "<a href='./forumdisplay.php?fid={$forum['fid']}'>".fnameOut($forum['name'])."</a> ($posts {$lang['memposts']}) [".round(($posts/$memberinfo['postnum'])*100, 1)."% {$lang['textoftotposts']}]";
 788          } else {
 789              $topforum = $lang['textnopostsyet'];
 790          }
 791  
 792          // Last post
 793          if (strlen($fids) > 0) {
 794              $pq = $db->query(
 795                  "SELECT p.tid, t.subject, p.dateline, p.pid
 796                   FROM ".X_PREFIX."posts AS p
 797                   INNER JOIN ".X_PREFIX."threads AS t USING (tid)
 798                   WHERE p.author='$member' AND p.fid IN ($fids)
 799                   ORDER BY p.dateline DESC
 800                   LIMIT 1"
 801              );
 802              $lpfound = ($db->num_rows($pq) == 1);
 803          } else {
 804              $lpfound = FALSE;
 805          }
 806          if ($lpfound) {
 807              $post = $db->fetch_array($pq);
 808  
 809              $lastpostdate = gmdate($dateformat, $post['dateline'] + ($timeoffset * 3600) + ($SETTINGS['addtime'] * 3600));
 810              $lastposttime = gmdate($timecode, $post['dateline'] + ($timeoffset * 3600) + ($SETTINGS['addtime'] * 3600));
 811              $lastposttext = $lastpostdate.' '.$lang['textat'].' '.$lastposttime;
 812              $lpsubject = rawHTMLsubject(stripslashes($post['subject']));
 813              $lastpost = "<a href=\"./viewthread.php?tid={$post['tid']}&amp;goto=search&amp;pid={$post['pid']}\">$lpsubject</a> ($lastposttext)";
 814          } else {
 815              $lastpost = $lang['textnopostsyet'];
 816          }
 817  
 818          if (X_GUEST && $SETTINGS['captcha_status'] == 'on' && $SETTINGS['captcha_search_status'] == 'on') {
 819              $lang['searchusermsg'] = '';
 820          } else {
 821              $lang['searchusermsg'] = str_replace('*USER*', recodeOut($memberinfo['username']), $lang['searchusermsg']);
 822          }
 823          eval('$memberpage = "'.template('member_profile').'";');
 824          break;
 825  
 826      default:
 827          error($lang['textnoaction']);
 828          break;
 829  }
 830  
 831  end_time();
      // end_time() is a project helper defined outside this file (presumably the
      // page-timer counterpart of a start in header.php) -- confirm before relying on it.
 832  eval('$footer = "'.template('footer').'";');
      // The footer template is interpolated as double-quoted PHP string source via eval,
      // the same pattern used for $css, $header and $memberpage earlier in this file.
      // Every $variable the template references is expanded as PHP, so template() output
      // is effectively trusted code: it must never carry raw user input, and any
      // member-supplied value a template prints has to be output-escaped before it
      // reaches this eval.
 833  echo $header, $memberpage, $footer;
      // $header and $memberpage are assigned inside the case branches of the switch
      // above; one branch calls redirect($full_url) before falling out of the switch,
      // so whether this echo is reached on that path depends on redirect() exiting --
      // not visible from this file.
 834  ?>
