<?php
/********************************************************************************
- MemHT Portal -
Copyright (C) 2007-2008 by Miltenovik Manojlo
http://www.memht.com
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, see <http://www.gnu.org/licenses/> (GPLv2)
or write to the Free Software Foundation, Inc., 51 Franklin Street,
Fifth Floor, Boston, MA 02110-1301, USA.
********************************************************************************/
// Direct-access guard: stop unless _LOAD_PAGE_ is defined.
// NOTE(review): the constant is presumably set by the portal entry script
// before it includes this page - confirm.
if (defined("_LOAD_PAGE_") === false) {
    exit("<table style='padding: 2px; border: 1px solid #999; background-color: #EEE; font-family: Verdana; font-size: 10px;' align='center'><tr><td><b>Error:</b> This file cannot be opened directly!</td></tr></table>");
}

// Request parameters. Both are passed through inCode(), a helper defined
// elsewhere; presumably it sanitises request input - TODO confirm what it
// escapes before relying on it in SQL or HTML contexts.
$op = "";
if (isset($_GET['op'])) {
    $op = inCode($_GET['op']);
}

$usert = "";
if (isset($_GET['usert'])) {
    $usert = inCode($_GET['usert']);
}
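/**
 * Render the users landing page: the profile panel for a logged-in member,
 * or the login form for a visitor.
 *
 * Logged-in branch: echoes a notice when new private messages exist, one box
 * per group membership, the profile card, and the items of the member's RSS
 * feed. Visitor branch: echoes the login form unless memht_login_flood holds
 * 5 or more attempts for the visitor's IP.
 *
 * Security notes:
 * - Every query here is built by string interpolation. $user,
 *   $visitorInfo['ip'] and $siteConfig['timestamp'] are set outside this
 *   function. NOTE(review): confirm they are escaped/validated before they
 *   reach this point (in particular that the IP is not taken from a
 *   client-supplied header).
 * - Profile fields pass through outCode() before being echoed; presumably
 *   it HTML-encodes them - TODO confirm.
 * - Feed content comes from a remote server chosen by the member, so it is
 *   HTML-escaped here and only http(s) links are rendered.
 *
 * Output is echoed directly; nothing is returned.
 */
function login() {
    global $dblink,$siteConfig,$visitorInfo,$user,$page;

    if (isUser($user)) {
        $row_info = $dblink->get_row("SELECT *,DATE_FORMAT(regdate, '".$siteConfig['timestamp']."') as regdate FROM memht_utenti WHERE user='$user'");

        // The stored password hash is deliberately not copied into a local: it is not needed for display.
        $email = outCode($row_info['email']);
        $regdate = $row_info['regdate'];
        $sito = outCode($row_info['sito']);
        $icq = outCode($row_info['icq']);
        $msn = outCode($row_info['msn']);
        $aol = outCode($row_info['aol']);
        $yahoo = outCode($row_info['yahoo']);
        $avatar = outCode($row_info['avatar']);
        $post = intval($row_info['post']);
        $gender = intval($row_info['gender']);
        $title_enabled = intval($row_info['title_enabled']);
        $title_text = outCode($row_info['title_text']);
        $signature = censure(bb2html(outCode($row_info['signature'],0)));
        $feedurl = outCode($row_info['feed']);

        if ($avatar=="") { $avatar = "blank.png"; }

        if ($gender==1) {
            $gender_img = "<img src='images/male.gif' title='"._MALE_."'>";
        } else if ($gender==2) {
            $gender_img = "<img src='images/female.gif' title='"._FEMALE_."'>";
        } else {
            $gender_img = "<img src='images/neutral.gif' title='"._NEUTRAL_."'>";
        }

        // Prefer the active template's button images, fall back to the page's own.
        $tpl_users_dir = "templates/".$siteConfig['template']."/images/users/";
        $prfsrc = file_exists($tpl_users_dir."profile.gif") ? $tpl_users_dir."profile.gif" : "pages/$page/images/profile.gif";
        $lotsrc = file_exists($tpl_users_dir."logout.gif") ? $tpl_users_dir."logout.gif" : "pages/$page/images/logout.gif";
        $prfimg = "<img src='$prfsrc' border='0'>";
        $lotimg = "<img src='$lotsrc' border='0'>";

        // New private messages notice
        if ($pm = $dblink->get_num("SELECT id FROM memht_pvtmsg WHERE recipient='$user' AND new=1")) {
            openTable();
            echo "<div class='box'><a href='http://www.memht.com/pvtmsg.html' title='"._NEWMESSAGES_."'><font color='#990000'><b>"._NEWMESSAGES_."</b></a>: $pm</font></div>";
            closeTable();
        }

        // Group memberships
        if ($result = $dblink->get_list("SELECT *,DATE_FORMAT(joined, '".$siteConfig['timestamp']."') as joined,DATE_FORMAT(expire, '".$siteConfig['timestamp']."') as expire FROM memht_groups_members WHERE user='$user'")) {
            foreach ($result as $row) {
                $groupid = intval($row['groupid']);
                $permanent = intval($row['permanent']);
                $joined = outCode($row['joined']);
                $expire = outCode($row['expire']);
                $standby = intval($row['standby']);
                // NOTE(review): $expire is a formatted date string compared loosely with 0;
                // the result of string-to-number comparison differs between PHP 7 and PHP 8.
                if ($expire==0 AND $permanent) { $expire = _PERMANENT_; }

                // Separate variable so the loop row is not overwritten; a missing group yields an empty name.
                $group_row = $dblink->get_row("SELECT * FROM memht_groups WHERE id='$groupid'");
                $groupname = $group_row ? outCode($group_row['name']) : "";

                $box_label = $standby ? _MEMBERSHIP_EXPIRED_ : _GROUPS_;
                openTable();
                echo "<div class='box'><b>".$box_label.":</b><br> - "._GROUP_.": <b>$groupname</b> (<i>"._JOINED_."</i>: $joined - <i>"._EXPIRE_."</i>: $expire)</div>";
                closeTable();
            }
        }

        // Profile card
        openTable(_USERINFO_);
        echo "<div align='center'><a href='http://www.memht.com/users_edit.html' title='"._MODIFYPROFILE_."'>$prfimg</a> <a href='http://www.memht.com/users_logout.html' title='"._LOGOUT_."'>$lotimg</a></div>\n";
        echo "<table width='100%' border='0' cellspacing='0' cellpadding='2'>\n";
        echo "<tr>\n";
        echo "<td width='25%' valign='top'>\n";
        echo "<b>$user</b><br>\n";
        if ($title_enabled==1) {
            echo "<span id='small'>$title_text</span><br>\n";
        }
        echo "<img src='images/avatar/$avatar' border='0' title='$user'><br>\n";
        echo "<br>\n";
        echo "<b>"._POSTS_.":</b> $post<br>\n";
        echo "<b>"._GENDER_.":</b> $gender_img<br><br>\n";
        echo "</td>\n";
        echo "<td width='75%' valign='top'>\n";
        echo "<table width='100%' border='0' cellspacing='0' cellpadding='2'>\n";
        echo "<tr><td width='5%'><b>"._REGISTERED_.":</b> </td><td>$regdate</td></tr>\n";
        echo "<tr><td><b>"._EMAIL_.":</b></td><td>$email</td></tr>\n";
        if ($sito!="") { echo "<tr><td><b>"._SITE_.":</b></td><td>$sito</td></tr>\n"; }
        if ($icq!="") { echo "<tr><td><b>"._ICQ_.":</b></td><td>$icq</td></tr>\n"; }
        if ($msn!="") { echo "<tr><td><b>"._MSN_.":</b></td><td>$msn</td></tr>\n"; }
        if ($aol!="") { echo "<tr><td><b>"._AOL_.":</b></td><td>$aol</td></tr>\n"; }
        if ($yahoo!="") { echo "<tr><td><b>"._YAHOO_.":</b></td><td>$yahoo</td></tr>\n"; }
        echo "</table>\n";
        echo "</td>\n";
        echo "</tr>\n";
        if ($signature!="") {
            // The inner div is now closed; it was previously left open.
            echo "<tr><td colspan='2'><div class='box' style='overflow:auto;'>$signature</div></td></tr>\n";
        }
        echo "</table>\n";
        closeTable();

        // RSS feed chosen by the member
        openTable(_RSS_FEEDS_);
        if ($feedurl!="") {
            // A constant cannot be redefined; guard so a repeated call does not raise a notice.
            if (!defined('MAGPIE_CACHE_DIR')) {
                define('MAGPIE_CACHE_DIR', 'inc/magpie/cache');
            }
            require_once("inc/magpie/rss_fetch.inc");

            // The URL is member-supplied and fetched by the server, so only http(s) URLs are handed to the fetcher.
            // NOTE(review): this does not stop a URL that points at an internal host; validate the
            // destination where the feed URL is saved.
            $rss = preg_match('#^https?://#i', $feedurl) ? @fetch_rss($feedurl) : false;
            if ($rss) {
                // Everything below is third-party content: escape it before it reaches the page.
                $feedtitle = isset($rss->channel['title']) ? $rss->channel['title'] : "";
                echo "<div class='box'><b>".htmlspecialchars($feedtitle, ENT_QUOTES)."</b></div>";
                foreach ($rss->items as $item) {
                    $href = isset($item['link']) ? trim($item['link']) : "";
                    $title = isset($item['title']) ? $item['title'] : "";
                    // Render only http(s) links so a feed cannot supply script-bearing URL schemes.
                    if ($href!="" AND $title!="" AND preg_match('#^https?://#i', $href)) {
                        $safe_href = htmlspecialchars($href, ENT_QUOTES);
                        $safe_title = htmlspecialchars($title, ENT_QUOTES);
                        echo "<div><img src='images/bullet_paper.gif' alt='Bullet'> <a href=\"$safe_href\" target='_blank' rel='noopener noreferrer' title=\"$safe_title\">$safe_title</a></div>";
                    }
                }
            } else {
                echo "<div align='center' id='errorText' class='box'><b>"._CANNOTREADFEED_."</b></div>";
            }
        } else {
            echo "<div align='center' class='box'><b>"._NOFEEDSELECTED_."</b></div>";
        }
        closeTable();
    } else {
        openTable();
        echo "<table align='center' border='0'>\n";
        // The form is withheld once 5 or more attempts are recorded for this IP.
        if ($dblink->get_num("SELECT ip FROM memht_login_flood WHERE ip='".$visitorInfo['ip']."' AND attempts>=5")==0) {
            echo "<form name='user01' method='post' action='index.php?page=users'>\n";
            echo "<tr><th>"._USERNAME_."</th><td><input type='text' name='post_username'></td></tr>\n";
            echo "<tr><th>"._PASSWORD_."</th><td><input type='password' name='post_password'></td></tr>\n";
            echo "<input type='hidden' name='login' value='true'>";
            echo "<tr><td><input type='submit' name='Submit' value='"._LOGIN_."'></td><td><a href='http://www.memht.com/users_register.html' title='"._REGISTER_."'>"._REGISTER_."</a></td></tr>\n";
            echo "<tr><td> </td><td><a href='http://www.memht.com/users_lostpassword.html' title='"._LOSTPASS_."'>"._LOSTPASS_."</a></td></tr>";
            echo "</form>\n";
        } else {
            echo "<tr><td colspan='2' align='center'><b>"._YOUMUSTWAITTOLOGINAGAIN_."</b></td></tr>\n";
        }
        echo "</table>\n";
        closeTable();
    }
}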
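/**
 * Show the registration form, or process a submitted registration.
 *
 * Without a posted 'reg' flag the form is echoed. With it, the posted
 * username, password and e-mail are validated and, depending on
 * $siteConfig['approve_users'] and $siteConfig['user_confirm_email'], the
 * account is either created directly in memht_utenti or stored in the
 * pending table memht_utenti_attesa (with an activation e-mail when e-mail
 * confirmation is on).
 *
 * Security notes:
 * - Queries are built by string interpolation. Posted values go through
 *   inCode() and the valid*() helpers before any query runs;
 *   NOTE(review): confirm inCode() escapes for SQL, and that
 *   $visitorInfo['ip'], $tzNOW and $siteConfig['site_name'] are safe to
 *   interpolate.
 * - Passwords are stored as unsalted MD5. That is not a suitable password
 *   hash; it is kept here only because the login check that verifies stored
 *   hashes lies outside this block. Migrate both sides together.
 * - NOTE(review): confirm randString() draws the activation code from a
 *   cryptographically secure source.
 *
 * Output is echoed directly; nothing is returned.
 */
function newAccount() {
    global $dblink,$siteConfig,$visitorInfo,$tzNOW;

    $reg = isset($_POST['reg']) ? inCode($_POST['reg']) : false;

    openTable();
    if (!$reg) {
        // Inline script: posts the typed username to inc_checkUser.php on every keyup.
        ?>
<script type="text/javascript">
var ajaxobj_ur = new AjaxObj();
function checkUser() {
var value = window.document.getElementById('user').value;
ajaxobj_ur.opPost('pages/users/inc_checkUser.php','usercontainer','user='+value);
}
</script>
<?php
        $infoimg_user = " <img src='images/info.gif' border='0' title='header=["._INFORMATIONS_."] body=[<b>"._ACCEPTED_CHARACTERS_.":</b> a-zA-Z0-9._-<br><b>"._LENGTH_.":</b> 4-".$siteConfig['user_max_lunghezza']."]'>";
        $infoimg_pass = " <img src='images/info.gif' border='0' title='header=["._INFORMATIONS_."] body=[<b>"._ACCEPTED_CHARACTERS_.":</b> a-zA-Z0-9._-<br><b>"._LENGTH_.":</b> 4-".$siteConfig['pass_max_lunghezza']."]'>";
        $infoimg_email = " <img src='images/info.gif' border='0' title='header=["._INFORMATIONS_."] body=[<b>"._FORMAT_.":</b> a-zA-Z0-9._- <b>(at)</b> a-zA-Z0-9._- <b>(dot)</b> a-zA-Z]'>";
        echo "<div align='center'>\n";
        echo "<table border='0' align='center'>\n";
        echo "<form name='user02' method='post' action='index.php?page=users&op=register'>\n";
        echo "<tr><th nowrap>"._USERNAME_."$infoimg_user</th><td align='right'><input type='text' id='user' name='post_username' onkeyup=\"checkUser()\"></td></tr>\n";
        echo "<tr><th nowrap>"._PASSWORD_."$infoimg_pass</th><td align='right'><input type='password' name='post_password'></td></tr>\n";
        echo "<tr><th nowrap>"._EMAIL_."$infoimg_email</th><td align='right'><input type='text' name='post_email'></td></tr>\n";
        echo "<tr><th>"._NEWSLETTER_."</th><td align='right'><span id='info'>"._SUBSCRIBE_."</span> <input type='checkbox' name='post_newsletter' value='true' checked></td></tr>\n";
        if (extension_loaded('gd') AND $siteConfig['graphic_check']==1) {
            // The nc parameter is a throwaway value; presumably a cache-buster for the image - confirm in imgCode.php.
            echo "<tr><td valign='bottom' align='right' id='info'>"._CODE_."<br><input type='text' name='post_code_page' size='8' maxlength='255'></td><td><img src='".$siteConfig['site_url']."/imgCode.php?name=chk_users&nc=".md5(time()+rand())."' align='absbottom' title='header=["._SECURITY_CODE_."] body=["._SECURITY_CODE_TEXT_."]'></td></tr>";
        }
        echo "<input type='hidden' name='reg' value='true'>";
        echo "<tr><td colspan='2' align='right'><input type='submit' name='Submit' value='"._REGISTER_."'></td></tr>\n";
        echo "</form>\n";
        echo "</table>\n";
        echo "<div id='usercontainer' style='width:200px;'></div>\n";
        echo "</div>\n";
    } else {
        $post_username = isset($_POST['post_username']) ? inCode($_POST['post_username']) : "";
        $post_password = isset($_POST['post_password']) ? inCode($_POST['post_password']) : "";
        $post_email = isset($_POST['post_email']) ? inCode($_POST['post_email']) : "";
        $post_newsletter = !empty($_POST['post_newsletter']) ? 1 : 0;

        // @ kept: openTable() has already been called above, so a fresh session start may warn about sent headers.
        @session_start();

        // Security code check. It passes when the code matches, or when the check is switched off.
        $captcha_required = (extension_loaded('gd') AND $siteConfig['graphic_check']==1);
        $captcha_ok = !$captcha_required;
        if (isset($_SESSION['chk_users'])) {
            $expected = is_scalar($_SESSION['chk_users']) ? (string)$_SESSION['chk_users'] : "";
            // Single use: a solved code must not be replayable for further submissions.
            unset($_SESSION['chk_users']);
            // Strict string comparison: a loose == treats numeric-looking strings as numbers.
            if ($expected!=="" AND isset($_POST['post_code_page']) AND is_string($_POST['post_code_page']) AND strtolower($_POST['post_code_page'])===strtolower($expected)) {
                $captcha_ok = true;
            }
        }

        if ($captcha_ok) {
            // Validate the posted values first so that only well-formed input reaches the lookups below.
            // When several checks fail, the last failing one decides the message shown.
            $save = true;
            $msg = "";
            if (!validUser($post_username)) { $save = false; $msg = _INVALIDUSER_; }
            if (!validPass($post_password)) { $save = false; $msg = _PASSNOTVALID_; }
            if (!validEmail($post_email)) { $save = false; $msg = _MAILNOTVALID_; }

            if ($save) {
                // Name or e-mail already taken by an active or a pending account?
                $row_login = $dblink->get_num("SELECT id FROM memht_utenti WHERE user='$post_username' OR email='$post_email'");
                $row_login2 = $dblink->get_num("SELECT id FROM memht_utenti_attesa WHERE user='$post_username' OR email='$post_email'");
                if ($row_login OR $row_login2) { $save = false; $msg = _USERALREADYEXISTS_."/"._EMAILALREADYEXISTS_; }
            }

            if ($save) {
                // NOTE(review): unsalted MD5 - see the function header.
                $passhash = md5($post_password);
                $ip = $visitorInfo['ip'];

                if ($siteConfig['approve_users']==0 AND $siteConfig['user_confirm_email']!=1) {
                    // No moderation, no e-mail confirmation: the account is active immediately.
                    $dblink->query("INSERT INTO memht_utenti (id,user,pass,email,regdate,lastip,lastlogin,enabled) VALUES (null,'$post_username','$passhash','$post_email',$tzNOW,'$ip',$tzNOW,1)");
                    $dblink->query("INSERT INTO memht_pvtmsg (id,recipient,author,name,text,date,smiles,new) VALUES (null,'$post_username','System','Welcome','Welcome to ".$siteConfig['site_name']."',$tzNOW,'1','1')");
                    // The newsletter list is keyed by e-mail address, so look up and store the address
                    // (the 0/1 subscribe flag was used here before).
                    if ($post_newsletter==1 AND $dblink->get_num("SELECT email FROM memht_newsletter WHERE email='$post_email'")==0) {
                        $dblink->query("INSERT INTO memht_newsletter (email,ip) VALUES ('$post_email','$ip')");
                    }
                    echo "<div align='center'><b>"._ACCACTIVATED_."</b><br>"._NOWUCANEDITANDENTER_."</div>";
                } else {
                    // Every other combination stores the registration in the pending table with an activation code.
                    $codice = randString(10);
                    if ($siteConfig['user_confirm_email']==1) {
                        // E-mail confirmation (with or without moderation): store, then mail the activation link.
                        $dblink->query("INSERT INTO memht_utenti_attesa (id,user,pass,email,newsletter,lastip,data,codice) VALUES (null,'$post_username','$passhash','$post_email','$post_newsletter','$ip',$tzNOW,'$codice')");

                        $subject = $siteConfig['site_name']." - "._REGISTRATION_;
                        $activation_link = $siteConfig['site_url']."/index.php?page=users&op=activate&actuser=".urlencode($post_username)."&actcode=".urlencode($codice);
                        // Kept separate from $msg, which carries the validation error text.
                        $mailbody = "$subject\n\n";
                        $mailbody .= _WELCOMETO_." ".$siteConfig['site_name']."!\n\n";
                        $mailbody .= _FOLLOWLINKTOACTIVATE_.":\n";
                        $mailbody .= _LINK_.": $activation_link\n\n";
                        $mailbody .= _IP_." $ip\n\n";
                        // Header lines must be separated by CRLF.
                        // NOTE(review): X-Mailer discloses the exact PHP version to every recipient.
                        $mailheaders = "From: ".$siteConfig['site_name']." <".$siteConfig['webmaster_mail'].">\r\n" .
                            "Reply-To: ".$siteConfig['webmaster_mail']."\r\n" .
                            "X-Mailer: PHP/" . phpversion();
                        // Best effort: a failed send is not reported to the visitor.
                        @mail($post_email, $subject, $mailbody, $mailheaders);
                        echo "<div align='center'><b>"._REGRECEIVED_."</b><br>"._YOULLRECEIVEACTIVATIONLINK_.".</div>";
                    } else {
                        // Moderation without e-mail confirmation: stored with activated=1, no mail is sent here.
                        $dblink->query("INSERT INTO memht_utenti_attesa (id,user,pass,email,newsletter,lastip,data,codice,activated) VALUES (null,'$post_username','$passhash','$post_email','$post_newsletter','$ip',$tzNOW,'$codice','1')");
                        echo "<div align='center'><b>"._REGRECEIVED_."</b><br>"._YOULLRECEIVEEMAILADMINACTIVATED_.".</div>";
                    }
                }
            } else {
                echo "<div align='center' id='errorText'><b>$msg</b></div>";
            }
        } else {
            echo "<div align='center' id='errorText'><b>"._WRONGSECCODE_."</b></div>";
        }
    }
    closeTable();
}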
function activateAccount() {
global $dblink,$visitorInfo,$siteConfig,$tzNOW;
openTable();
if (isset($_GET['actuser']) && isset($_GET['actcode'])) {
$actuser = inCode($_GET['actuser']);
$actcode = inCode($_GET['actcode']);
if ($row = $dblink->get_row("SELECT email,pass,newsletter FROM memht_utenti_attesa WHERE user='$actuser' AND codice='$actcode'")) {
$pass = $row['pass'];
$email = outCode($row['email']);
$newsletter = intval($row['newsletter']);
if ($siteConfig['approve_users'
|