diff --git a/Rocksolid_Light/common/register.php b/Rocksolid_Light/common/register.php index 9ed3bff..e0879a2 100644 --- a/Rocksolid_Light/common/register.php +++ b/Rocksolid_Light/common/register.php @@ -1,4 +1,3 @@ - '; + +// Nothing in $_POST. Show main form +if (!isset($_POST['command'])) { if (isset($_COOKIE["ts_limit"])) { echo "It appears you already have an active account
"; echo "More than one account may not be created in 30 days
"; @@ -70,13 +83,21 @@ if (! isset($_POST['command'])) { echo ''; echo ''; echo ' '; - echo ''; + echo ''; echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; + echo ''; + + // RESET Password + echo '
'; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ' '; + echo '
'; + echo ''; echo ''; } @@ -85,91 +106,30 @@ if (! isset($_POST['command'])) { exit(0); } -if (isset($_POST['command']) && $_POST['command'] == 'CreateNew') { - include $config_dir . '/synchronet.conf'; - $workpath = $config_dir . "users/"; - $keypath = $config_dir . "userconfig/"; - $username = $_POST['username']; - $password = $_POST['password']; - $user_email = $_POST['user_email']; - if (isset($_POST['code'])) { - $code = $_POST['code']; - } else { - $code = false; - } - $userFilename = $workpath . $username; - $keyFilename = $keypath . $username; - @mkdir($workpath . 'new/'); - $verified = 0; - $no_verify = explode(' ', $CONFIG['no_verify']); - foreach ($no_verify as $no) { - if (strlen($_SERVER['HTTP_HOST']) - strlen($no) === strrpos($_SERVER['HTTP_HOST'], $no)) { - $CONFIG['verify_email'] = false; - } - } - - if ($CONFIG['verify_email'] == true) { - $saved_code = file_get_contents(sys_get_temp_dir() . "/" . $username); - if ((strcmp(trim($code), trim($saved_code))) !== 0) { - echo "Code does not match. Try again.
"; - echo '
'; - echo ' '; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo '

Cancel and return to home page'; - exit(2); - } - $verified = 1; - } - if ($userFileHandle = @fopen($userFilename, 'w+')) { - fwrite($userFileHandle, password_hash($password, PASSWORD_DEFAULT)); - fclose($userFileHandle); - chmod($userFilename, 0666); - } - // Create synchronet account - if (isset($synch_create) && $synch_create == true) { - putenv("SBBSCTRL=$synch_path/ctrl"); - $result = shell_exec("$synch_path/exec/makeuser $username -P $password"); - } - $newkey = make_key($username); - if ($userFileHandle = @fopen($keyFilename, 'w+')) { - fwrite($userFileHandle, 'encryptionkey:' . $newkey . "\r\n"); - fwrite($userFileHandle, 'email:' . $user_email . "\r\n"); - if ($verified == 1) { - fwrite($userFileHandle, "email_verified:true\r\n"); - } - fclose($userFileHandle); - chmod($userFilename, 0666); - } - if (file_exists(sys_get_temp_dir() . "/" . $username)) { - unlink(sys_get_temp_dir() . "/" . $username); - } - echo "User:" . $username . " Created\r\n"; - echo '
Back'; - +if (isset($_POST['command']) && $_POST['command'] == 'ResetPW') { + reset_password($username, $user_email); exit(0); } -if ($CONFIG['verify_email'] == true) { - include ($config_dir . '/phpmailer.inc.php'); - if (class_exists('PHPMailer')) { - $mail = new PHPMailer(); - } else { - $mail = new PHPMailer\PHPMailer\PHPMailer(); - } +if (isset($_POST['command']) && $_POST['command'] == 'CreateNew') { + create_new($username, $password, $user_email); + exit(0); +} + +if (isset($_POST['command']) && $_POST['command'] == 'ResetPWSendCode') { + reset_password_send_code($username, $user_email); + exit(0); +} + +if (isset($_POST['command']) && $_POST['command'] == 'ChangePW') { + accept_new_password($username, $password); + exit(0); } # $hostname: '{POPaddress:port/pop3}INBOX' $hostname = '{mail.example.com:110/pop3}INBOX'; # $external: Using external POP auth? $external = 0; -# $workpath: Where to cache users (must be writable by calling program) -$workpath = $config_dir . "users/"; -$keypath = $config_dir . "userconfig/"; $ok = FALSE; $command = "Login"; @@ -182,7 +142,7 @@ $user_email = $_POST['user_email']; echo '
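Review bot: The four new dispatch branches (`ResetPW`, `CreateNew`, `ResetPWSendCode`, `ChangePW`) call their handlers and `exit(0)` before the username, email and captcha checks that the later hunks of this file show from new line 142 on, so the handlers get `$username`, `$password` and `$user_email` without the length and character validation or the `trim(strtolower(...))` normalisation. Those handlers build file paths from `$username` (`sys_get_temp_dir() . "/" . $username`, `$workpath . $username`), so the value should be checked once before dispatch, at minimum `if ($username !== basename($username) || strlen($username) > 30) { exit(2); }`. Where the three variables are assigned is above this hunk and not visible here; if they are still raw `$_POST` values at this point, that is where the check belongs. Only `reset_password()` re-checks the captcha, and only for some `pwcommand` values, so `ResetPWSendCode` and `ChangePW` are reachable without it.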
'; $thisusername = $username; -$username = strtolower($username); +$username = trim(strtolower($username)); $userFilename = $workpath . $username; $keyFilename = $keypath . $username; @@ -191,7 +151,7 @@ if (empty($_POST['username'])) { echo "Please enter a Username\r\n"; echo ''; echo ''; - echo ''; + echo ''; exit(2); } @@ -200,7 +160,7 @@ if (strlen($clean_username) > 30) { echo '
'; echo ''; echo ''; - echo ''; + echo '
'; exit(2); } @@ -210,7 +170,7 @@ if ($clean_username != $_POST['username']) { echo '
'; echo ''; echo ''; - echo ''; + echo '
'; exit(2); } @@ -218,7 +178,7 @@ if (filter_var($user_email, FILTER_VALIDATE_EMAIL) == false) { echo "Email address format appears incorrect\n"; echo '
'; echo ''; - echo ''; + echo '
'; exit(2); } @@ -228,7 +188,7 @@ if ($CONFIG['verify_email']) { echo "Email domain appears to not exist\n"; echo '
'; echo ''; - echo ''; + echo '
'; exit(2); } } @@ -238,7 +198,7 @@ if (($_POST['password'] !== $_POST['password2']) || $_POST['password'] == '') { echo '
'; echo ''; echo ''; - echo ''; + echo '
'; exit(2); } @@ -247,21 +207,21 @@ if (getExpressionResult($_POST['captchacode']) != $_POST['captcha']) { echo '
'; echo ''; echo ''; - echo ''; + echo '
'; exit(2); } /* Check for existing email address */ $users = scandir($config_dir . "/userconfig"); foreach ($users as $user) { - if (! is_file($config_dir . "/userconfig/" . $user)) { + if (!is_file($config_dir . "/userconfig/" . $user)) { continue; } if (strcmp(get_user_config($user, 'mail'), $user_email) == 0) { echo "Email exists in database\r\n"; echo '
'; echo ''; - echo ''; + echo '
'; exit(2); } } @@ -273,13 +233,15 @@ if (file_exists($email_registry)) { echo "Email address already used\r\n"; echo '
'; echo ''; - echo ''; + echo '
'; exit(2); } } -if (! preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z0-9]{2,5})$^", $user_email)) { +if (!preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z0-9]{2,5})$^", $user_email)) { echo "Email must be in the form of an email address\r\n"; - echo '
Back'; + echo '
'; + echo ''; + echo '
'; exit(2); } @@ -321,10 +283,300 @@ if ($external) { # User is authenticated or to be created. Either way, create the file if ($ok || ($command == "Create")) { + create_account($username, $password, $user_email); + exit(0); +} else { + echo "Authentication Failed\r\n"; + exit(1); +} + +// Here we send code by email to verify RESET of password +function reset_password_send_code($username, $user_email) +{ + send_reset_email($username, $user_email); + exit(0); +} + +function reset_password($username = null, $user_email = null) +{ + global $keys; + + if (isset($_POST['pwcommand']) && $_POST['pwcommand'] != 'new' && $_POST['pwcommand'] != 'retry') { + if (getExpressionResult($_POST['captchacode']) != $_POST['captcha']) { + echo "Incorrect captcha response2\r\n"; + echo '
'; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo '
'; + exit(2); + } + } + if (isset($_POST['pwcommand']) && $_POST['pwcommand'] != 'retry') { + if ($username != null && $user_email != null) { + if (verify_reset_password($username, $user_email) == false) { + return false; + } else { + // Proceed with password change process starting with email verification + // We must create and send verification code, then return and handle that + echo "Click to send Verification Code by email.\r\n"; + echo '
'; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo '
'; + exit; + } + } + } + $captchaImage = '../tmp/captcha' . time() . '.png'; + $captchacode = prepareCaptcha($captchaImage); + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + + echo ''; + echo '
Reset Password
Username:
Email:
 
'; + return true; +} + +function verify_reset_password($username, $user_email) +{ + global $keys, $logfile; + if ($username != null && $user_email != null) { + $get_userval = get_config_value('/userconfig/' . trim(strtolower($username)), 'email'); + if (strcmp(trim(strtolower($get_userval)), trim(strtolower($user_email))) != 0) { + echo "Username or Email Not Found\r\n"; + echo '
'; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo '
'; + file_put_contents($logfile, "\n" . logging_prefix() . " CHANGE PASSWORD (Username or Email Not Found) for: " . $username, FILE_APPEND); + return false; + } else { + return true; + } + } else { + return false; + } +} + +function accept_new_password($username, $password) +{ + global $keys; + $code = $_POST['code']; + $password = $_POST['password']; + $password2 = $_POST['password2']; + $saved_code = file_get_contents(sys_get_temp_dir() . "/" . $username); + $fail = false; + if ((strcmp(trim($password), trim($password2))) !== 0) { + $fail = "Your passwords entered do not match
"; + } + if ((strcmp(trim($code), trim($saved_code))) !== 0) { + $fail = "Code does not match. Try again.
"; + } + + if ($fail) { + echo $fail; + echo '
'; + echo '
Enter CODE: '; + echo ' '; + echo ''; + echo '

NEW Password: '; + echo ''; + echo '
Re-Enter Password: '; + echo ''; + echo ''; + echo ''; + echo '

'; + exit; + } + change_user_password($username, $password); + exit(0); +} + +function change_user_password($username, $password) +{ + global $config_dir, $logfile; + $username = strtolower($username); + $userfile = $config_dir . '/users/' . $username; + if (!file_exists($userfile)) { + echo "User:" . $username . " Not Found\r\n"; + return; + } else { + file_put_contents($userfile, password_hash($password, PASSWORD_DEFAULT)); + echo "Password Changed for User: " . $username . "\n
"; + echo "NEW Password: " . $password . "\n"; + file_put_contents($logfile, "\n" . logging_prefix() . " Changed PASSWORD for: " . $username, FILE_APPEND); + } +} + +function send_reset_email($username, $user_email) +{ + global $CONFIG, $config_dir, $spooldir, $keys; + + $email = trim(strtolower($user_email)); + + // $retry_delay will double after every send of email + $retry_delay = 3; // How many minutes before allowing to re-send email + + $reset_file = $spooldir . '/email_reset_log.dat'; + if (file_exists($reset_file)) { + $reset_log = unserialize(file_get_contents($reset_file)); + } else { + $reset_log = array(); + } + // Unset delay for email address after 1 day + if (isset($reset_log[$email]['time']) && $reset_log[$email]['time'] < time() - 86400) { + unset($reset_log[$email]); + } + + if(isset($reset_log[$email]['count'])) { + $retry_delay = $retry_delay * $reset_log[$email]['count']; + } + $retry_seconds = $retry_delay * 60; + + if (isset($reset_log[$email]['time']) && $reset_log[$email]['time'] > time() - $retry_seconds) { + echo "Email may only be re-sent after " . $retry_delay . " minutes
"; + $remain = (($reset_log[$email]['time'] + $retry_seconds) - time()); + $remain = round($remain / 60, 1); + echo "Please wait " . $remain . " minutes to re-send
"; + exit(0); + } + + if ($username != null && $user_email != null) { + $get_useremail = get_config_value('userconfig/' . trim(strtolower($username)), 'email'); + if (trim(strtolower($get_useremail)) != trim(strtolower($user_email))) { + echo 'Username or Email address not found

'; + echo $username . " : " . $get_useremail . " : " . $user_email; + return false; + } + include($config_dir . '/phpmailer.inc.php'); + if (class_exists('PHPMailer')) { + $mail = new PHPMailer(); + } else { + $mail = new PHPMailer\PHPMailer\PHPMailer(); + } + } + echo 'Request Password Reset for: ' . $username . '

'; + + $mail->SMTPOptions = array( + 'ssl' => array( + 'verify_peer' => false, + 'verify_peer_name' => false, + 'allow_self_signed' => true + ) + ); + + $mail->IsSMTP(); + # uncomment below to enable debugging + # $mail->SMTPDebug = 3; + + $mail->CharSet = 'UTF-8'; + $mail->Host = $mailer['host']; + $mail->SMTPAuth = true; + + $mail->Port = $mailer['port']; + $mail->Username = $mailer['username']; + $mail->Password = $mailer['password'];; + $mail->SMTPSecure = 'tls'; + + $mail->setFrom($mail_user . '@' . $mail_domain, $mail_name); + $mail->addAddress($user_email); + + $mail->Subject = "Confirmation code for " . $_SERVER['HTTP_HOST']; + + foreach ($mail_custom_header as $key => $value) { + $mail->addCustomHeader($key, $value); + } + + $mycode = create_code($username); + $msg = "A request to RESET YOUR PASSWORD on " . $_SERVER['HTTP_HOST']; + $msg .= " has been made using " . $user_email . ".\n\n"; + $msg .= "IF YOU DID NOT REQUEST THIS, IGNORE THIS and the request will fail.\n\n"; + $msg .= "This is your PASSWORD CHANGE authorization code: " . $mycode . "\n\n"; + $msg .= "Note: replies to this email address are checked daily."; + $mail->Body = wordwrap($msg, 70); + + if (!$mail->send()) { + echo 'The message could not be sent.'; + echo '

Error: ' . htmlentities($mail->ErrorInfo); + } else { + echo 'An email has been sent to ' . $user_email . '
'; + echo 'Please enter the code from the email below:
'; + echo '

'; + echo '
Enter CODE: '; + echo ' '; + echo ''; + echo '

NEW Password: '; + echo ''; + echo '
Re-Enter Password: '; + echo ''; + echo ''; + echo ''; + echo ''; + echo '

'; + echo '

Cancel and return to home page'; + + $reset_log[$email]['time'] = time(); + if(isset($reset_log[$email]['count'])) { + $reset_log[$email]['count'] = $reset_log[$email]['count'] * 2; + } else { + $reset_log[$email]['count'] = 1; + } + file_put_contents($reset_file, serialize($reset_log)); + } +} + +function create_account($username, $password, $user_email) +{ + global $CONFIG, $config_dir, $keys, $user_email, $email_registry; + + if ($CONFIG['verify_email'] == true) { + include($config_dir . '/phpmailer.inc.php'); + if (class_exists('PHPMailer')) { + $mail = new PHPMailer(); + } else { + $mail = new PHPMailer\PHPMailer\PHPMailer(); + } + } + echo 'Create account: ' . $_POST['username'] . '

'; /* Generate email */ - # only check for no verification is the field has been populated - if (! empty($CONFIG['no_verify'])) { + # only check for no verification if the field has been populated + if (!empty($CONFIG['no_verify'])) { $no_verify = explode(' ', $CONFIG['no_verify']); foreach ($no_verify as $no) { if (strlen($_SERVER['HTTP_HOST']) - strlen($no) === strrpos($_SERVER['HTTP_HOST'], $no)) { @@ -358,8 +610,7 @@ if ($ok || ($command == "Create")) { $mail->Port = $mailer['port']; $mail->Username = $mailer['username']; - $mail->Password = $mailer['password']; - ; + $mail->Password = $mailer['password'];; $mail->SMTPSecure = 'tls'; $mail->setFrom($mail_user . '@' . $mail_domain, $mail_name); @@ -379,29 +630,94 @@ if ($ok || ($command == "Create")) { $msg .= "Note: replies to this email address are checked daily."; $mail->Body = wordwrap($msg, 70); - if (! $mail->send()) { + if (!$mail->send()) { echo 'The message could not be sent.'; - echo '
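Review bot: In `accept_new_password()` the emailed-code check fails open: when no code file exists for the posted username, `file_get_contents()` returns false, `trim()` turns that into an empty string, and an empty `code` field then compares equal, so `change_user_password()` runs without a valid code; `create_new()` in the `@@ -379` hunk has the same comparison. The path is built from `$username` as posted, the comparison is not constant-time, and the code file is not removed after a successful change, so a used code stays valid. In the same hunk `change_user_password()` echoes the new password in clear text and `send_reset_email()` echoes `$get_useremail` on a mismatch, which reveals the registered address for any username; both echoes should be dropped, and `verify_peer` / `verify_peer_name` should stay enabled unless the SMTP host really uses a self-signed certificate. A fail-closed version of the check follows; `create_account()` at the end of the hunk continues outside it.

```php
function accept_new_password($username, $password)
{
    // … unchanged: global $keys; $code, $password, $password2 read from $_POST …
    $code_file = sys_get_temp_dir() . "/" . basename($username);
    $saved_code = is_file($code_file) ? trim((string) file_get_contents($code_file)) : '';
    $fail = false;
    // … unchanged: password / password2 comparison …
    // Fail closed: a missing or empty code file must never match.
    if ($saved_code === '' || !hash_equals($saved_code, trim((string) $code))) {
        // … unchanged: $fail set to the "Code does not match" message …
    }
    // … unchanged: retry form shown when $fail is set …
    change_user_password($username, $password);
    // One-time code: remove it once it has been used.
    unlink($code_file);
    exit(0);
}
```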

Error: ' . $mail->ErrorInfo; + echo '

Error: ' . htmlentities($mail->ErrorInfo); + echo '

Cancel and return to home page'; + exit(1); } else { echo 'An email has been sent to ' . $user_email . '
'; echo 'Please enter the code from the email below:
'; } } + echo ''; + if ($CONFIG['verify_email'] == true) { + echo ' '; + } + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo '

Cancel and return to home page'; +} - echo ''; - if ($CONFIG['verify_email'] == true) { - echo ' '; +function create_new($username, $password, $user_email) +{ + global $config_dir, $CONFIG, $keys, $workpath, $keypath, $logfile; + include $config_dir . '/synchronet.conf'; + if (isset($_POST['code'])) { + $code = $_POST['code']; + } else { + $code = false; } - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo '

Cancel and return to home page'; -} else { - echo "Authentication Failed\r\n"; - exit(1); + $userFilename = $workpath . $username; + $keyFilename = $keypath . $username; + @mkdir($workpath . 'new/'); + $verified = 0; + $no_verify = explode(' ', $CONFIG['no_verify']); + foreach ($no_verify as $no) { + if (strlen($_SERVER['HTTP_HOST']) - strlen($no) === strrpos($_SERVER['HTTP_HOST'], $no)) { + $CONFIG['verify_email'] = false; + } + } + + if ($CONFIG['verify_email'] == true) { + $saved_code = file_get_contents(sys_get_temp_dir() . "/" . $username); + if ((strcmp(trim($code), trim($saved_code))) !== 0) { + echo "Code does not match. Try again.
"; + echo ''; + echo ' '; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo '

Cancel and return to home page'; + exit(2); + } + $verified = 1; + } + + // Create NEW account + if ($userFileHandle = @fopen($userFilename, 'w+')) { + fwrite($userFileHandle, password_hash($password, PASSWORD_DEFAULT)); + fclose($userFileHandle); + chmod($userFilename, 0666); + file_put_contents($logfile, "\n" . logging_prefix() . " Created NEW Account for: " . $username, FILE_APPEND); + } + // Create synchronet account (this is very incomplete. Ignore this) + if (isset($synch_create) && $synch_create == true) { + putenv("SBBSCTRL=$synch_path/ctrl"); + $result = shell_exec("$synch_path/exec/makeuser $username -P $password"); + } + $newkey = make_key($username); + if ($userFileHandle = @fopen($keyFilename, 'w+')) { + fwrite($userFileHandle, 'encryptionkey:' . $newkey . "\r\n"); + fwrite($userFileHandle, 'email:' . $user_email . "\r\n"); + if ($verified == 1) { + fwrite($userFileHandle, "email_verified:true\r\n"); + } + fclose($userFileHandle); + chmod($userFilename, 0666); + } + if (file_exists(sys_get_temp_dir() . "/" . $username)) { + unlink(sys_get_temp_dir() . "/" . $username); + } + echo "User:" . $username . " Created\r\n"; + echo '
Back'; } function get_user_config($username, $request) @@ -412,7 +728,7 @@ function get_user_config($username, $request) $userFilename = $userconfigpath . $username; if ($userFileHandle = @fopen($userFilename, 'r')) { - while (! feof($userFileHandle)) { + while (!feof($userFileHandle)) { $buffer = fgets($userFileHandle); if (strpos($buffer, $request . ':') !== FALSE) { $userdataline = $buffer; @@ -448,7 +764,7 @@ function get_config_value($configfile, $request) global $config_dir; if ($configFileHandle = @fopen($config_dir . '/' . $configfile, 'r')) { - while (! feof($configFileHandle)) { + while (!feof($configFileHandle)) { $buffer = fgets($configFileHandle); if (strpos($buffer, $request . ':') !== FALSE) { $dataline = $buffer; @@ -476,7 +792,7 @@ function generateImage($text, $file) function getIndex($alphabet, $letter) { - for ($i = 0; $i < count($alphabet); $i ++) { + for ($i = 0; $i < count($alphabet); $i++) { $l = $alphabet[$i]; if ($l === $letter) return $i; @@ -506,4 +822,12 @@ function prepareCaptcha($captchaImage) $code = $alphabet[$usedAlphabet] . $alphabetsForNumbers[$usedAlphabet][$expression->n1] . $alphabetsForNumbers[$usedAlphabet][$expression->n2]; return ($code); } -?> + +function format_log_date() +{ + return date('M d H:i:s'); +} + +function logging_prefix() { + return format_log_date() . " [" . $_SERVER['REMOTE_ADDR'] . "]"; +} \ No newline at end of file diff --git a/Rocksolid_Light/common/version.txt b/Rocksolid_Light/common/version.txt index 151ae82..b8a1bd1 100644 --- a/Rocksolid_Light/common/version.txt +++ b/Rocksolid_Light/common/version.txt @@ -1 +1 @@ -0.9.140 +0.9.141 diff --git a/Rocksolid_Light/rocksolid/article-flat.php b/Rocksolid_Light/rocksolid/article-flat.php index 337fee8..4d729f0 100644 --- a/Rocksolid_Light/rocksolid/article-flat.php +++ b/Rocksolid_Light/rocksolid/article-flat.php 
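Review bot: `create_new()` puts `$username` and `$password` unquoted into `shell_exec("$synch_path/exec/makeuser $username -P $password")`, and the function is reached from the `CreateNew` dispatch that runs before the username checks, so shell metacharacters in either field become part of the command line. If the Synchronet branch is kept, quote every argument, e.g. `$result = shell_exec(escapeshellarg("$synch_path/exec/makeuser") . ' ' . escapeshellarg($username) . ' -P ' . escapeshellarg($password));`, and note that a password passed on the command line is visible to other local processes. The password-hash file is made world-writable with `chmod($userFilename, 0666)`, and the second `chmod` after writing the key file targets `$userFilename` again where `$keyFilename` looks intended: `chmod($keyFilename, 0600);` (the mode assumes only the web server user reads these files, which should be confirmed). The code was moved from top level and is not new, but the defects are on the new side of this hunk.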
@@ -12,8 +12,12 @@ if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 6 $logfile = $logdir . '/newsportal.log'; if (isset($_COOKIE['mail_name'])) { - if ($userdata = get_user_mail_auth_data($_COOKIE['mail_name'])) { - $userfile = $spooldir . '/' . strtolower($_COOKIE['mail_name']) . '-articleviews.dat'; + $cookie_mail_name = trim(strtolower($_COOKIE['mail_name'])); + if($_COOKIE['mail_name'] == $CONFIG['anonusername']) { + unset($cookie_mail_name); + } + if ($userdata = get_user_mail_auth_data($cookie_mail_name)) { + $userfile = $spooldir . '/' . strtolower($cookie_mail_name) . '-articleviews.dat'; } } // register parameters diff --git a/Rocksolid_Light/rocksolid/lib/thread.inc.php b/Rocksolid_Light/rocksolid/lib/thread.inc.php index c37e3cb..9417333 100644 --- a/Rocksolid_Light/rocksolid/lib/thread.inc.php +++ b/Rocksolid_Light/rocksolid/lib/thread.inc.php @@ -875,15 +875,7 @@ function thread_show_recursive(&$headers, &$liste, $depth, $tree, $group, $artic $lineclass = "np_thread_line" . (($article_count % 2) + 1); // read the first article $c = $headers[$liste[$i]]; - - // Is a last message causing duplicates? - if(isset($last_thread) && $c->date_thread == $last_thread) { - // Seems we have more than one thread displayed for a single reply article - file_put_contents($debug_log, "\n" . format_log_date() . " " . $config_name . "Duplicate thread found in: " . $group . " msgid: " . $c->id, FILE_APPEND); - // This is hopefully temporary until date stuff is fixed - continue; - } - $last_thread = $c->date_thread; + $last_thread = $c->date_thread; // Avoid listing if error (fixme) // if (preg_match('/\D/', $c->number)) { diff --git a/Rocksolid_Light/rocksolid/newsportal.php b/Rocksolid_Light/rocksolid/newsportal.php index 177bd4d..c46ace3 100644 --- a/Rocksolid_Light/rocksolid/newsportal.php +++ b/Rocksolid_Light/rocksolid/newsportal.php 
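Review bot: The anonymous-user test compares the raw cookie (`$_COOKIE['mail_name'] == $CONFIG['anonusername']`) while everything after it uses the trimmed, lower-cased `$cookie_mail_name`, so a cookie that differs from the configured name only in case or surrounding whitespace is not caught by the test. When the test does match, `unset($cookie_mail_name)` leaves the following `get_user_mail_auth_data($cookie_mail_name)` reading an undefined variable. I would compare the normalised value and guard the call: `if ($cookie_mail_name === trim(strtolower($CONFIG['anonusername']))) { $cookie_mail_name = null; }` and then `if ($cookie_mail_name !== null && ($userdata = get_user_mail_auth_data($cookie_mail_name))) {`. The same raw comparison is added in `groups_show()` in newsportal.php, at the top of overboard.php and in `set_user_logged_in_cookies()`. The cookie value also ends up in the `-articleviews.dat` path; whether `get_user_mail_auth_data()` rejects names containing path separators is not visible here.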
@@ -613,10 +613,15 @@ function groups_show($gruppen) $nonsubs = array(); $user = null; // Get registered user settings - if (isset($_COOKIE['mail_name'])) { - if ($userdata = get_user_mail_auth_data($_COOKIE['mail_name'])) { - $userfile = $spooldir . '/' . strtolower($_COOKIE['mail_name']) . '-articleviews.dat'; - $user_config = unserialize(file_get_contents($config_dir . '/userconfig/' . strtolower($_COOKIE['mail_name']) . '.config')); + + $cookie_mail_name = $_COOKIE['mail_name']; + if(isset($_COOKIE['mail_name']) && $_COOKIE['mail_name'] == $CONFIG['anonusername']) { + unset($cookie_mail_name); + } + if (isset($cookie_mail_name)) { + if ($userdata = get_user_mail_auth_data($cookie_mail_name)) { + $userfile = $spooldir . '/' . strtolower($cookie_mail_name) . '-articleviews.dat'; + $user_config = unserialize(file_get_contents($config_dir . '/userconfig/' . strtolower($cookie_mail_name) . '.config')); } } for ($i = 0; $i < $c; $i ++) { @@ -779,18 +784,30 @@ function groups_show($gruppen) $groupdisplay .= '
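Review bot: `$cookie_mail_name = $_COOKIE['mail_name'];` reads the cookie before the `isset()` test on the next line, so every request without that cookie raises an undefined-index warning; the same line is added at the top of overboard.php. Unlike article-flat.php, the value is not trimmed or lower-cased here, so the three files normalise the same cookie differently before using it in file paths. Suggested: `$cookie_mail_name = isset($_COOKIE['mail_name']) ? trim($_COOKIE['mail_name']) : null;`, with the anonymous-name check setting it to `null` so the later `isset($cookie_mail_name)` still works. `groups_show()` starts and ends outside this hunk.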

'; if ($found == 1) { - $poster = address_decode($lastarticleinfo['name'], "nowhere"); - $lastarticleinfo['from'] = $poster[0]['mailbox'] . "@" . $poster[0]['host']; - if (isset($poster[0]['personal'])) { - $lastarticleinfo['name'] = $poster[0]['personal']; + $fromline = address_decode(headerDecode($lastarticleinfo['name']), "nowhere"); + if (! isset($fromline[0]["host"])) + $fromline[0]["host"] = ""; + $name_from = $fromline[0]["mailbox"] . "@" . $fromline[0]["host"]; + if (! isset($fromline[0]["personal"])) { + $poster_name = $fromline[0]["mailbox"]; } else { - $lastarticleinfo['name'] = $poster[0]['mailbox']; + $poster_name = $fromline[0]["personal"]; } - $fromoutput[0] = $poster[0]['mailbox'] . "@" . $poster[0]['host']; + if (trim($poster_name) == '') { + $fromoutput = explode("<", html_entity_decode($c->name)); + if (strlen($fromoutput[0]) < 1) { + $poster_name = $fromoutput[1]; + } else { + $poster_name = $fromoutput[0]; + } + } + $lastarticleinfo['name'] = $poster_name; + $groupdisplay .= get_date_interval(date("D, j M Y H:i T", $lastarticleinfo['date'])); $groupdisplay .= '
'; $groupdisplay .= 'by: '; - $groupdisplay .= create_name_link(mb_decode_mimeheader(html_entity_decode($lastarticleinfo['name'])), $lastarticleinfo['from']); + + $groupdisplay .= create_name_link($lastarticleinfo['name'], $name_from); $groupdisplay .= '
'; } else { unset($lastarticleinfo); @@ -1323,10 +1340,14 @@ function verify_logged_in($name) { function set_user_logged_in_cookies($name, $keys) { - global $debug_log; + global $debug_log, $CONFIG; $name = trim($name); $name_lc = strtolower($name); + if($name == $CONFIG['anonusername']) { + return false; + } + if( !get_user_config($name_lc, 'encryptionkey')) { $key = openssl_random_pseudo_bytes(44); set_user_config($name_lc, 'encryptionkey', base64_encode($key)); @@ -1351,6 +1372,7 @@ function set_user_logged_in_cookies($name, $keys) { document.cookie = "pkey="+pkey+"; max-age="+name_expire+"; path=/"; getMessage(); - exit(); - } - $dbh->exec("CREATE TABLE IF NOT EXISTS threads( - id INTEGER PRIMARY KEY, - headers TEXT, - unique (headers))"); - return ($dbh); -} - function history_db_open($database, $table = 'history') { try { diff --git a/Rocksolid_Light/rocksolid/overboard.php b/Rocksolid_Light/rocksolid/overboard.php index f070154..9badc95 100644 --- a/Rocksolid_Light/rocksolid/overboard.php +++ b/Rocksolid_Light/rocksolid/overboard.php @@ -61,6 +61,11 @@ if (disable_page_by_user_agent($client_device, "bot", "Overboard")) { $CONFIG = include ($config_file); $logfile = $logdir . '/overboard.log'; +$cookie_mail_name = $_COOKIE['mail_name']; +if(isset($_COOKIE['mail_name']) && $_COOKIE['mail_name'] == $CONFIG['anonusername']) { + unset($cookie_mail_name); +} + # How many days old should articles be displayed? if (isset($_GET['thisgroup'])) { $article_age = 30; 
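Review bot: The fallback for an empty poster name reads `$c->name`, but in the previous hunk of this function `$c` is the loop bound (`for ($i = 0; $i < $c; $i ++)`), so the property read looks like a leftover from the code this was copied from and will not yield a name. `$lastarticleinfo['name']` appears to be the intended source: `$fromoutput = explode("<", html_entity_decode($lastarticleinfo['name']));`. `$fromoutput[1]` is also read without checking that the string contained a `<`. Whether `create_name_link()` escapes the name for HTML is not visible here; the value comes from a message header, so that is worth confirming now that the call site has changed.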
@@ -106,10 +111,10 @@ if (isset($_GET['thisgroup'])) { $grouplist = array(); $grouplist[0] = _rawurldecode(_rawurldecode($_GET['thisgroup'])); $cachefile = $spooldir . "/" . $grouplist[0] . "-overboard.dat"; - if (isset($_COOKIE['mail_name'])) { - if ($userdata = get_user_mail_auth_data($_COOKIE['mail_name'])) { - $userfile = $spooldir . '/' . strtolower($_COOKIE['mail_name']) . '-articleviews.dat'; - $user_config = unserialize(file_get_contents($config_dir . '/userconfig/' . strtolower($_COOKIE['mail_name']) . '.config')); + if (isset($cookie_mail_name)) { + if ($userdata = get_user_mail_auth_data($cookie_mail_name)) { + $userfile = $spooldir . '/' . strtolower($cookie_mail_name) . '-articleviews.dat'; + $user_config = unserialize(file_get_contents($config_dir . '/userconfig/' . strtolower($cookie_mail_name) . '.config')); $userdata[$grouplist[0]] = time(); file_put_contents($userfile, serialize($userdata)); } @@ -119,8 +124,8 @@ if (isset($_GET['thisgroup'])) { } // Determine default view style -if (isset($_COOKIE['mail_name'])) { - if ($user_obstyle = get_config_file_value($config_dir . '/userconfig/' . strtolower($_COOKIE['mail_name']), 'obstyle')) { +if (isset($cookie_mail_name)) { + if ($user_obstyle = get_config_file_value($config_dir . '/userconfig/' . strtolower($cookie_mail_name), 'obstyle')) { $_SESSION['obstyle'] = $user_obstyle; } } @@ -134,8 +139,8 @@ if (! isset($_SESSION['obstyle'])) { $_SESSION['obstyle'] = 'articles'; } } -if (isset($_COOKIE['mail_name'])) { - save_config_value($config_dir . '/userconfig/' . strtolower($_COOKIE['mail_name']), 'obstyle', $_SESSION['obstyle'], true); +if (isset($cookie_mail_name)) { + save_config_value($config_dir . '/userconfig/' . strtolower($cookie_mail_name), 'obstyle', $_SESSION['obstyle'], true); } show_overboard_header($grouplist); 
@@ -268,10 +273,10 @@ function display_threads($threads, $oldest) } // Get registered user settings $newonly = false; - if (isset($_COOKIE['mail_name'])) { - if ($userdata = get_user_mail_auth_data($_COOKIE['mail_name'])) { - $user_config = unserialize(file_get_contents($config_dir . '/userconfig/' . strtolower($_COOKIE['mail_name']) . '.config')); - $userfile = $spooldir . '/' . strtolower($_COOKIE['mail_name']) . '-blocked_posters.dat'; + if (isset($cookie_mail_name)) { + if ($userdata = get_user_mail_auth_data($cookie_mail_name)) { + $user_config = unserialize(file_get_contents($config_dir . '/userconfig/' . strtolower($cookie_mail_name) . '.config')); + $userfile = $spooldir . '/' . strtolower($cookie_mail_name) . '-blocked_posters.dat'; if (file_exists($userfile)) { $blocked_user_config = unserialize(file_get_contents($userfile)); } else { @@ -448,12 +453,12 @@ function display_flat($threads, $oldest) } // Get registered user settings $newonly = false; - if (isset($_COOKIE['mail_name'])) { - if ($userdata = get_user_mail_auth_data($_COOKIE['mail_name'])) { - $userfile = $spooldir . '/' . strtolower($_COOKIE['mail_name']) . '-articleviews.dat'; - $user_config = unserialize(file_get_contents($config_dir . '/userconfig/' . strtolower($_COOKIE['mail_name']) . '.config')); + if (isset($cookie_mail_name)) { + if ($userdata = get_user_mail_auth_data($cookie_mail_name)) { + $userfile = $spooldir . '/' . strtolower($cookie_mail_name) . '-articleviews.dat'; + $user_config = unserialize(file_get_contents($config_dir . '/userconfig/' . strtolower($cookie_mail_name) . '.config')); } - $userfile = $spooldir . '/' . strtolower($_COOKIE['mail_name']) . '-blocked_posters.dat'; + $userfile = $spooldir . '/' . strtolower($cookie_mail_name) . '-blocked_posters.dat'; if (file_exists($userfile)) { $blocked_user_config = unserialize(file_get_contents($userfile)); } else { 
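Review bot: Inside `display_threads()` the new `isset($cookie_mail_name)` tests a variable that this commit assigns at file scope; `$_COOKIE` was a superglobal, but `$cookie_mail_name` is only visible in the function if it is named in a `global` statement, and no such change appears in this hunk. If it is missing, the branch never runs and the user's saved view settings and blocked-poster list are silently not applied; `display_flat()` in the next hunk has the same pattern. The opening lines of both functions are outside the hunks, so confirm or add `global $cookie_mail_name;` there.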
diff --git a/Rocksolid_Light/rocksolid/post.php b/Rocksolid_Light/rocksolid/post.php index f7d060b..80d8840 100644 --- a/Rocksolid_Light/rocksolid/post.php +++ b/Rocksolid_Light/rocksolid/post.php @@ -222,13 +222,15 @@ if ($type == "post") { } else { $_SESSION['pass'] = true; $logged_in = true; - set_user_logged_in_cookies($name, $keys); - file_put_contents($auth_log, "\n" . logging_prefix() . " SET AUTH COOKIES for: " . $name, FILE_APPEND); + if (set_user_logged_in_cookies($name, $keys)) { + file_put_contents($auth_log, "\n" . logging_prefix() . " SET AUTH COOKIES for: " . $name, FILE_APPEND); + } } } else { // Update cookie times to stay logged in - set_user_logged_in_cookies($name, $keys); - file_put_contents($auth_log, "\n" . logging_prefix() . " UPDATED AUTH COOKIES for: " . $name, FILE_APPEND); + if (set_user_logged_in_cookies($name, $keys)) { + file_put_contents($auth_log, "\n" . logging_prefix() . " UPDATED AUTH COOKIES for: " . $name, FILE_APPEND); + } } } // Check that user has not been recently banned diff --git a/Rocksolid_Light/rocksolid/search.php b/Rocksolid_Light/rocksolid/search.php index 03aa65c..3dbe71c 100644 --- a/Rocksolid_Light/rocksolid/search.php +++ b/Rocksolid_Light/rocksolid/search.php @@ -116,7 +116,6 @@ if ((! isset($_POST['key']) || ! password_verify($CONFIG['thissitekey'], $_POST[ } } // END Block poster - exit(0); } else { // Determine default view style @@ -462,7 +461,7 @@ function get_header_search($group, $terms) } $article_dbh = article_db_open($article_database); $article_stmt = $article_dbh->prepare("SELECT * FROM articles WHERE number=:number"); - if (is_multibyte($_POST['terms'])) { + if (!isset($_POST['data']) && is_multibyte($_POST['terms'])) { $stmt = $dbh->prepare("SELECT * FROM $table WHERE newsgroup=:group"); $stmt->bindParam(':group', $group); $stmt->execute(); diff --git a/Rocksolid_Light/rslight/phpmailer.inc.php b/Rocksolid_Light/rslight/phpmailer.inc.php index 12936de..ccd6775 100644 
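Review bot: Both auth-log writes now depend on the return value of `set_user_logged_in_cookies()`, but the only `return` this commit adds to that function (in newsportal.php) is the `return false` for the anonymous name, and the end of the function is outside that hunk. Unless it ends with `return true;`, it returns null on success and the `SET AUTH COOKIES` / `UPDATED AUTH COOKIES` lines are never written, which removes the login trail from `$auth_log`. Confirm the function returns `true` after setting the cookies, or add it. If `$name` can still contain line breaks at this point, strip them before logging, e.g. `str_replace(["\r", "\n"], ' ', $name)`, so each event stays on one line.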
--- a/Rocksolid_Light/rslight/phpmailer.inc.php +++ b/Rocksolid_Light/rslight/phpmailer.inc.php @@ -23,4 +23,4 @@ $mailer['password'] = "password"; require $phpmailer['phpmailer']; require $phpmailer['smtp']; -?> +require $phpmailer['exception']; diff --git a/Rocksolid_Light/rslight/scripts/expire.php b/Rocksolid_Light/rslight/scripts/expire.php index a47ec7d..317a3a4 100644 --- a/Rocksolid_Light/rslight/scripts/expire.php +++ b/Rocksolid_Light/rslight/scripts/expire.php @@ -194,13 +194,6 @@ function vacuum_group_database($group) $article_dbh = null; } } - $database = $spooldir . '/' . $group . '-data.db3'; - if ($data_dbh = threads_db_open($database)) { - file_put_contents($logfile, "\n" . format_log_date() . " " . $config_name . " " . $group . " VACUUM threads database...", FILE_APPEND); - $data_stmt = $data_dbh->prepare('VACUUM'); - $data_stmt->execute(); - $data_dbh = null; - } // Check for moderation flag here. Yes, in vacuum. is_moderated($group); file_put_contents($logfile, "\n" . format_log_date() . " " . $config_name . " " . $group . " Checked for moderation flag", FILE_APPEND); diff --git a/Rocksolid_Light/rslight/scripts/rslight-lib.php b/Rocksolid_Light/rslight/scripts/rslight-lib.php index 1bcf7b2..cd36e60 100644 --- a/Rocksolid_Light/rslight/scripts/rslight-lib.php +++ b/Rocksolid_Light/rslight/scripts/rslight-lib.php @@ -284,12 +284,12 @@ function prepare_post($filename) $bbsmail_check = "@@RSL"; foreach ($message as $line) { - if (trim($line) == "" || $lines > 0) { + if (trim($line) == "" && $lines > 0) { $is_header = 0; $lines ++; } - if ($lines > 0 && $is_header = 0) { - $break; + if ($lines > 0 && $is_header == 0) { + break; } if (stripos($line, "From: ") === 0) { $lines ++; 
@@ -363,9 +363,11 @@ function process_post($message, $group) /* Process post */ foreach ($message as $line) { $bytes = $bytes + mb_strlen($line, '8bit'); - if (trim($line) == "" || $lines > 0) { + if (trim($line) == "" && $lines > 0) { $is_header = 0; $lines ++; + } else { + $lines ++; } if ($is_header == 0) { $body .= $line . "\n"; @@ -486,9 +488,11 @@ function process_post($message, $group) $lines = 0; $ng = 0; foreach ($message as $line) { - if (trim($line) == "" || $lines > 0) { + if (trim($line) == "" && $lines > 0) { $is_header = 0; $lines ++; + } else { + $lines ++; } if (stripos($line, "Newsgroups: ") === 0 && $is_header == 1) { fputs($postfilehandle, "Newsgroups: " . $newsgroups . "\r\n"); @@ -1140,12 +1144,6 @@ function get_list($mode, $ngroup, $msgsock) } } -/* - * function encode_subject($line) { - * $newstring=mb_encode_mimeheader(quoted_printable_decode($line)); - * return $newstring; - * } - */ function insert_article($section, $nntp_group, $filename, $subject_i, $from_i, $article_date, $date_i, $mid_i, $references_i, $bytes_i, $lines_i, $xref_i, $body) { global $enable_rslight, $spooldir, $CONFIG, $OVERRIDES, $logdir, $lockdir, $logfile; @@ -1202,19 +1200,6 @@ function insert_article($section, $nntp_group, $filename, $subject_i, $from_i, $ $header = 1; $tmp_file_handle = fopen($tmp_file, 'w'); while ($buf = fgets($in_file)) { - if ($header == 1) { - if (stripos($buf, "Content-Type: ") === 0) { - preg_match('/.*charset=.*/', $buf, $te); - $content_type = explode("Content-Type: text/plain; charset=", $te[0]); - } - if (stripos($buf, "Newsgroups: ") === 0) { - $response = str_ireplace($group, $group, $buf); - // Identify each group name for xref - $groupnames = explode("Newsgroups: ", $buf); - $allgroups = preg_split("/\ |\,/", $groupnames[1]); - $ref = 0; - } - } else {} if ((trim($buf) == "") && ($header == 1)) { $current_article['xref'] = "Xref: " . $CONFIG['pathhost']; foreach ($allgroups as $agroup) { 
@@ -1235,6 +1220,19 @@ function insert_article($section, $nntp_group, $filename, $subject_i, $from_i, $ fputs($tmp_file_handle, $current_article['xref'] . PHP_EOL); $buf .= ''; } + if ($header == 1) { + if (stripos($buf, "Content-Type: ") === 0) { + preg_match('/.*charset=.*/', $buf, $te); + $content_type = explode("Content-Type: text/plain; charset=", $te[0]); + } + if (stripos($buf, "Newsgroups: ") === 0) { + $response = str_ireplace($group, $group, $buf); + // Identify each group name for xref + $groupnames = explode("Newsgroups: ", $buf); + $allgroups = preg_split("/\ |\,/", $groupnames[1]); + $ref = 0; + } + } fputs($tmp_file_handle, rtrim($buf, "\n\r") . PHP_EOL); } fputs($tmp_file_handle, "\n.\n"); diff --git a/Rocksolid_Light/spoolnews/user.php b/Rocksolid_Light/spoolnews/user.php index 75294d8..57140b5 100644 --- a/Rocksolid_Light/spoolnews/user.php +++ b/Rocksolid_Light/spoolnews/user.php @@ -85,7 +85,7 @@ if(!$logged_in) { if ($ip_pass) { $_SESSION['pass'] = true; } - set_user_logged_in_cookies($name, $keys); + set_user_logged_in_cookies(trim($_POST['username']), $keys); $logged_in = true; } else { echo 'Authentication Required';
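Review bot: In the user.php hunk the cookies are now issued for `trim($_POST['username'])` instead of `$name`, and the credential check before this line is outside the hunk, so it is not visible that the string trusted here is the one that was authenticated. If `$name` is the value that went through the password check, derive the cookie name from it, `set_user_logged_in_cookies($name, $keys);` (the function already trims its argument), and do not re-read the request. The return value is also ignored: with the `return false` added for the anonymous name, `$logged_in = true` is still set when no cookies were issued. Once the function returns `true` on success, `if (set_user_logged_in_cookies($name, $keys)) { $logged_in = true; }` keeps the two in step, if that matches the intent for anonymous users.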