includes/sessions.php
changeset 391 85f91037cd4f
parent 387 92664d2efab8
child 401 6ae6e387a0e3
390:9bcc185dc151 391:85f91037cd4f
   396           $a = getConfig('account_activation');
   396           $a = getConfig('account_activation');
   397           switch($a)
   397           switch($a)
   398           {
   398           {
   399             case 'none':
   399             case 'none':
   400             default:
   400             default:
   401               $solution = 'Your account was most likely deactivated by an administrator. Please contact the site administration for further assistance.';
   401               $solution = $lang->get('user_login_noact_solution_none');
   402               break;
   402               break;
   403             case 'user':
   403             case 'user':
   404               $solution = 'Please check your e-mail; you should have been sent a message with instructions on how to activate your account. If you do not receive an e-mail from this site within 24 hours, please contact the site administration for further assistance.';
   404               $solution = $lang->get('user_login_noact_solution_user');
   405               break;
   405               break;
   406             case 'admin':
   406             case 'admin':
   407               $solution = 'This website has been configured so that all user accounts must be activated by the administrator before they can be used, so your account will most likely be activated the next time an administrator visits the site.';
   407               $solution = $lang->get('user_login_noact_solution_admin');
   408               break;
   408               break;
   409           }
   409           }
   410           
   410           
   411           // admin activation request opportunity
   411           // admin activation request opportunity
   412           $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($userdata['username']) . '\';');
   412           $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($userdata['username']) . '\';');
   423             $this->user_id =       intval($userdata['user_id']);
   423             $this->user_id =       intval($userdata['user_id']);
   424             $this->username =      $userdata['username'];
   424             $this->username =      $userdata['username'];
   425             $this->auth_level =    USER_LEVEL_MEMBER;
   425             $this->auth_level =    USER_LEVEL_MEMBER;
   426             $this->user_level =    USER_LEVEL_MEMBER;
   426             $this->user_level =    USER_LEVEL_MEMBER;
   427             $this->logout();
   427             $this->logout();
   428             redirect(scriptPath . '/', 'Logged out', 'You have successfully been logged out. All cookies cleared.', 4);
   428             redirect(scriptPath . '/', $lang->get('user_login_noact_msg_logout_success_title'), $lang->get('user_login_noact_msg_logout_success_body'), 5);
   429           }
   429           }
   430           
   430           
   431           if ( $can_request && !isset($_POST['activation_request']) )
   431           if ( $can_request && !isset($_POST['activation_request']) )
   432           {
   432           {
   433             $form = '<p>If you are having trouble or did not receive the e-mail, you can request account activation from the administrators of this site.</p>
   433             $form = '<p>' . $lang->get('user_login_noact_msg_ask_admins') . '</p>
   434                      <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post">
   434                      <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post">
   435                        <p><input type="submit" name="activation_request" value="Request account activation" /> <input type="submit" name="logout" value="Log out" /></p>
   435                        <p><input type="submit" name="activation_request" value="' . $lang->get('user_login_noact_btn_request_activation') . '" /> <input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p>
   436                      </form>';
   436                      </form>';
   437           }
   437           }
   438           else
   438           else
   439           {
   439           {
   440             if ( $can_request && isset($_POST['activation_request']) )
   440             if ( $can_request && isset($_POST['activation_request']) )
   441             {
   441             {
   442               $this->admin_activation_request($userdata['username']);
   442               $this->admin_activation_request($userdata['username']);
   443               $form = '<p>A request has just been sent to the administrators of this site. They will be able to activate your account or send you another activation e-mail if needed.</p>
   443               $form = '<p>' . $lang->get('user_login_noact_msg_admins_just_asked') . '</p>
   444                        <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post">
   444                        <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post">
   445                          <p><input type="submit" name="logout" value="Log out" /></p>
   445                          <p><input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p>
   446                        </form>';
   446                        </form>';
   447             }
   447             }
   448             else
   448             else
   449             {
   449             {
   450               $form = '<p>There is an active request in the administrators\' control panel for your account to be activated.</p>
   450               $form = '<p>' . $lang->get('user_login_noact_msg_admins_asked') . '</p>
   451                        <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post">
   451                        <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post">
   452                          <p><input type="submit" name="logout" value="Log out" /></p>
   452                          <p><input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p>
   453                        </form>';
   453                        </form>';
   454             }
   454             }
   455           }
   455           }
   456           
   456           
   457           die_semicritical('Account error', '<p>It appears that your user account has not yet been activated. '.$solution.'</p>' . $form);
   457           die_semicritical($lang->get('user_login_noact_title'), '<p>' . $lang->get('user_login_noact_msg_intro') . ' '.$solution.'</p>' . $form);
   458         }
   458         }
   459         
   459         
   460         $this->sid = $_COOKIE['sid'];
   460         $this->sid = $_COOKIE['sid'];
   461         $this->user_logged_in = true;
   461         $this->user_logged_in = true;
   462         $this->user_id =       intval($userdata['user_id']);
   462         $this->user_id =       intval($userdata['user_id']);
   710         foreach ( $code as $cmd )
   710         foreach ( $code as $cmd )
   711         {
   711         {
   712           eval($cmd);
   712           eval($cmd);
   713         }
   713         }
   714         
   714         
   715         redirect($url, 'Login sucessful', 'Please wait while you are transferred to the Password Reset form.');
   715         redirect($url, '', '', 0);
   716         exit;
   716         exit;
   717       }
   717       }
   718     }
   718     }
   719     
   719     
   720     if($row['old_encryption'] == 1)
   720     if($row['old_encryption'] == 1)
  1580    */
  1580    */
  1581    
  1581    
  1582   function check_banlist()
  1582   function check_banlist()
  1583   {
  1583   {
  1584     global $db, $session, $paths, $template, $plugins; // Common objects
  1584     global $db, $session, $paths, $template, $plugins; // Common objects
       
  1585     global $lang;
       
  1586     
  1585     $col_reason = ( $this->compat ) ? '"No reason entered (session manager is in compatibility mode)" AS reason' : 'reason';
  1587     $col_reason = ( $this->compat ) ? '"No reason entered (session manager is in compatibility mode)" AS reason' : 'reason';
  1586     $banned = false;
  1588     $banned = false;
  1587     if ( $this->user_logged_in )
  1589     if ( $this->user_logged_in )
  1588     {
  1590     {
  1589       // check by IP, email, and username
  1591       // check by IP, email, and username
  1610               . "  ORDER BY ban_type ASC;";
  1612               . "  ORDER BY ban_type ASC;";
  1611       }
  1613       }
  1612       $q = $this->sql($sql);
  1614       $q = $this->sql($sql);
  1613       if ( $db->numrows() > 0 )
  1615       if ( $db->numrows() > 0 )
  1614       {
  1616       {
  1615         while ( list($reason, $ban_value, $ban_type, $is_regex) = $db->fetchrow_num() )
  1617         while ( list($reason_temp, $ban_value, $ban_type, $is_regex) = $db->fetchrow_num() )
  1616         {
  1618         {
  1617           if ( $ban_type == BAN_IP && $row['is_regex'] != 1 )
  1619           if ( $ban_type == BAN_IP && $row['is_regex'] != 1 )
  1618           {
  1620           {
  1619             // check range
  1621             // check range
  1620             $regexp = parse_ip_range_regex($ban_value);
  1622             $regexp = parse_ip_range_regex($ban_value);
  1622             {
  1624             {
  1623               continue;
  1625               continue;
  1624             }
  1626             }
  1625             if ( preg_match("/$regexp/", $_SERVER['REMOTE_ADDR']) )
  1627             if ( preg_match("/$regexp/", $_SERVER['REMOTE_ADDR']) )
  1626             {
  1628             {
       
  1629               $reason = $reason_temp;
  1627               $banned = true;
  1630               $banned = true;
  1628             }
  1631             }
  1629           }
  1632           }
  1630           else
  1633           else
  1631           {
  1634           {
  1632             // User is banned
  1635             // User is banned
  1633             $banned = true;
  1636             $banned = true;
       
  1637             $reason = $reason_temp;
  1634           }
  1638           }
  1635         }
  1639         }
  1636       }
  1640       }
  1637       $db->free_result();
  1641       $db->free_result();
  1638     }
  1642     }
  1654                 ORDER BY ban_type ASC;";
  1658                 ORDER BY ban_type ASC;";
  1655       }
  1659       }
  1656       $q = $this->sql($sql);
  1660       $q = $this->sql($sql);
  1657       if ( $db->numrows() > 0 )
  1661       if ( $db->numrows() > 0 )
  1658       {
  1662       {
  1659         while ( list($reason, $ban_value, $ban_type, $is_regex) = $db->fetchrow_num() )
  1663         while ( list($reason_temp, $ban_value, $ban_type, $is_regex) = $db->fetchrow_num() )
  1660         {
  1664         {
  1661           if ( $ban_type == BAN_IP && $row['is_regex'] != 1 )
  1665           if ( $ban_type == BAN_IP && $row['is_regex'] != 1 )
  1662           {
  1666           {
  1663             // check range
  1667             // check range
  1664             $regexp = parse_ip_range_regex($ban_value);
  1668             $regexp = parse_ip_range_regex($ban_value);
  1665             if ( !$regexp )
  1669             if ( !$regexp )
  1666               continue;
  1670               continue;
  1667             if ( preg_match("/$regexp/", $_SERVER['REMOTE_ADDR']) )
  1671             if ( preg_match("/$regexp/", $_SERVER['REMOTE_ADDR']) )
  1668             {
  1672             {
       
  1673               $reason = $reason_temp;
  1669               $banned = true;
  1674               $banned = true;
  1670             }
  1675             }
  1671           }
  1676           }
  1672           else
  1677           else
  1673           {
  1678           {
  1674             // User is banned
  1679             // User is banned
       
  1680             $reason = $reason_temp;
  1675             $banned = true;
  1681             $banned = true;
  1676           }
  1682           }
  1677         }
  1683         }
  1678       }
  1684       }
  1679       $db->free_result();
  1685       $db->free_result();
  1680     }
  1686     }
  1681     if ( $banned && $paths->get_pageid_from_url() != $paths->nslist['Special'].'CSS' )
  1687     if ( $banned && $paths->get_pageid_from_url() != $paths->nslist['Special'].'CSS' )
  1682     {
  1688     {
  1683       // This guy is banned - kill the session, kill the database connection, bail out, and be pretty about it
  1689       // This guy is banned - kill the session, kill the database connection, bail out, and be pretty about it
  1684       die_semicritical('Ban notice', '<div class="error-box">You have been banned from this website. Please contact the site administrator for more information.<br /><br />Reason:<br />'.$reason.'</div>');
  1690       die_semicritical($lang->get('user_ban_msg_title'), '<p>' . $lang->get('user_ban_msg_body') . '</p><div class="error-box"><b>' . $lang->get('user_ban_lbl_reason') . '</b><br />' . $reason . '</div>');
  1685       exit;
  1691       exit;
  1686     }
  1692     }
  1687   }
  1693   }
  1688   
  1694   
  1689   # Registration
  1695   # Registration
  2064    * @return string
  2070    * @return string
  2065    */
  2071    */
  2066   
  2072   
  2067   function userlevel_to_string($user_level, $short = false)
  2073   function userlevel_to_string($user_level, $short = false)
  2068   {
  2074   {
  2069     if ( $short )
  2075     global $lang;
  2070     {
  2076     
  2071       switch ( $user_level )
  2077     static $levels = array(
  2072       {
  2078         'short' => array(
  2073         case USER_LEVEL_GUEST:
  2079             USER_LEVEL_GUEST => 'Guest',
  2074           return 'Guest';
  2080             USER_LEVEL_MEMBER => 'Member',
  2075         case USER_LEVEL_MEMBER:
  2081             USER_LEVEL_CHPREF => 'Sensitive preferences changeable',
  2076           return 'Member';
  2082             USER_LEVEL_MOD => 'Moderator',
  2077         case USER_LEVEL_CHPREF:
  2083             USER_LEVEL_ADMIN => 'Administrative'
  2078           return 'Sensitive preferences changeable';
  2084           ),
  2079         case USER_LEVEL_MOD:
  2085         'long' => array(
  2080           return 'Moderator';
  2086             USER_LEVEL_GUEST => 'Low - guest privileges',
  2081         case USER_LEVEL_ADMIN:
  2087             USER_LEVEL_MEMBER => 'Standard - normal member level',
  2082           return 'Administrative';
  2088             USER_LEVEL_CHPREF => 'Medium - user can change his/her own e-mail address and password',
  2083         default:
  2089             USER_LEVEL_MOD => 'High - moderator privileges',
  2084           return "Level $user_level";
  2090             USER_LEVEL_ADMIN => 'Highest - administrative privileges'
  2085       }
  2091           ),
       
  2092         'l10n' => false
       
  2093       );
       
  2094     
       
  2095     if ( is_object($lang) && !$levels['l10n'] )
       
  2096     {
       
  2097       $levels = array(
       
  2098           'short' => array(
       
  2099               USER_LEVEL_GUEST => $lang->get('user_level_short_guest'),
       
  2100               USER_LEVEL_MEMBER => $lang->get('user_level_short_member'),
       
  2101               USER_LEVEL_CHPREF => $lang->get('user_level_short_chpref'),
       
  2102               USER_LEVEL_MOD => $lang->get('user_level_short_mod'),
       
  2103               USER_LEVEL_ADMIN => $lang->get('user_level_short_admin')
       
  2104             ),
       
  2105           'long' => array(
       
  2106               USER_LEVEL_GUEST => $lang->get('user_level_long_guest'),
       
  2107               USER_LEVEL_MEMBER => $lang->get('user_level_long_member'),
       
  2108               USER_LEVEL_CHPREF => $lang->get('user_level_long_chpref'),
       
  2109               USER_LEVEL_MOD => $lang->get('user_level_long_mod'),
       
  2110               USER_LEVEL_ADMIN => $lang->get('user_level_long_admin')
       
  2111             ),
       
  2112           'l10n' => true
       
  2113         );
       
  2114     }
       
  2115     
       
  2116     $key = ( $short ) ? 'short' : 'long';
       
  2117     if ( isset($levels[$key][$user_level]) )
       
  2118     {
       
  2119       return $levels[$key][$user_level];
  2086     }
  2120     }
  2087     else
  2121     else
  2088     {
  2122     {
  2089       switch ( $user_level )
  2123       if ( $short )
  2090       {
  2124       {
  2091         case USER_LEVEL_GUEST:
  2125         return ( is_object($lang) ) ? $lang->get('user_level_short_unknown', array('user_level' => $user_level)) : "Unknown - $user_level";
  2092           return 'Low - guest privileges';
  2126       }
  2093         case USER_LEVEL_MEMBER:
  2127       else
  2094           return 'Standard - normal member level';
  2128       {
  2095         case USER_LEVEL_CHPREF:
  2129         return ( is_object($lang) ) ? $lang->get('user_level_long_unknown', array('user_level' => $user_level)) : "Unknown level ($user_level)";
  2096           return 'Medium - user can change his/her own e-mail address and password';
  2130       }
  2097         case USER_LEVEL_MOD:
  2131     }
  2098           return 'High - moderator privileges';
  2132     
  2099         case USER_LEVEL_ADMIN:
  2133     return 'Linux rocks!';
  2100           return 'Highest - administrative privileges';
  2134     
  2101         default:
       
  2102           return "Unknown ($user_level)";
       
  2103       }
       
  2104     }
       
  2105   }
  2135   }
  2106   
  2136   
  2107   /**
  2137   /**
  2108    * Updates a user's information in the database. Note that any of the values except $user_id can be false if you want to preserve the old values.
  2138    * Updates a user's information in the database. Note that any of the values except $user_id can be false if you want to preserve the old values.
       
  2139    * Not localized because this really isn't used a whole lot anymore.
  2109    * @param int $user_id The user ID of the user to update - this cannot be changed
  2140    * @param int $user_id The user ID of the user to update - this cannot be changed
  2110    * @param string $username The new username
  2141    * @param string $username The new username
  2111    * @param string $old_pass The current password - only required if sessionManager::$user_level < USER_LEVEL_ADMIN. This should usually be an UNENCRYPTED string. This can also be an array - if it is, key 0 is treated as data AES-encrypted with key 1
  2142    * @param string $old_pass The current password - only required if sessionManager::$user_level < USER_LEVEL_ADMIN. This should usually be an UNENCRYPTED string. This can also be an array - if it is, key 0 is treated as data AES-encrypted with key 1
  2112    * @param string $password The new password
  2143    * @param string $password The new password
  2113    * @param string $email The new e-mail address
  2144    * @param string $email The new e-mail address
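Review bot: The rebuilt ban notice on new line 1690 still concatenates `$reason` into the HTML body unescaped; `$reason` is now copied from `$reason_temp`, the reason column fetched from the ban table, so any markup stored there is rendered verbatim on the ban page. Unless reasons are escaped when they are inserted (not visible here), the tail of that call should read `'</b><br />' . htmlspecialchars($reason, ENT_QUOTES, 'UTF-8') . '</div>'`; the fixed compatibility-mode literal is unaffected. A second point in the same loops: both rewritten `while` bodies still test `$row['is_regex'] != 1` although the fetched flag is bound to `$is_regex`, so unless `$row` is assigned in the lines omitted between 1591 and 1612 the condition always takes the range branch for BAN_IP entries and a regex ban that parse_ip_range_regex() rejects is skipped by the `continue`. check_banlist's body is only partly shown in this section.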