60) { $_SESSION['last_access'] = time(); } if (isset($_POST['command']) && $_POST['command'] == 'Logout') { $past = time() - 3600; foreach ($_COOKIE as $key => $value) { setcookie($key, $value, $past, '/'); } $_SESSION = array(); session_destroy(); unset($_COOKIE['mail_name']); setcookie('mail_name', '', - 1, '/'); $logmeout = true; } else { $logmeout = false; } include ("config.inc.php"); include ("newsportal.php"); $ip_pass = false; if (! isset($_SESSION['remote_address'])) { $_SESSION['remote_address'] = $_SERVER['REMOTE_ADDR']; $_SESSION['start_address'] = $_SESSION['remote_address']; $ip_pass = true; } else { if ($_SERVER['REMOTE_ADDR'] != $_SESSION['start_address']) { $ip_pass = false; } else { $ip_pass = true; } } if ($logmeout) { include "head.inc"; echo ""; echo "

You have been logged out

"; echo ''; echo '
'; include "tail.inc"; exit(0); } if (isset($_COOKIE['tzo'])) { $offset = $_COOKIE['tzo']; } else { $offset = $CONFIG['timezone']; } if (! isset($_POST['command'])) { $_POST['command'] = null; } $keyfile = $spooldir . '/keys.dat'; $keys = unserialize(file_get_contents($keyfile)); $title .= ' - User Configuration'; include "head.inc"; if (disable_page_by_user_agent($client_device, "bot", "User")) { echo "Page Disabled"; include "tail.inc"; exit(); } // How long should cookie allow user to stay logged in? // 14400 = 4 hours $auth_expire = 14400; $logged_in = false; if (! isset($_POST['username'])) { $_POST['username'] = $_COOKIE['mail_name']; } $name = $_POST['username']; if (! isset($_POST['password'])) { $_POST['password'] = null; } if (! isset($_COOKIE['mail_auth'])) { $_COOKIE['mail_auth'] = null; } if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) { $logged_in = true; } else { if (check_bbs_auth($_POST['username'], $_POST['password'])) { if ($ip_pass) { $_SESSION['pass'] = true; } $authkey = password_hash($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), PASSWORD_DEFAULT); $pkey = hash('crc32', get_user_config($_POST['username'], 'encryptionkey')); set_user_config(strtolower($_POST['username']), "pkey", $pkey); ?> '; echo 'Configuration / '; echo htmlspecialchars($_POST['username']) . ''; } else { echo '

'; echo 'user login / '; echo htmlspecialchars($_POST['username']) . '

'; } echo ''; // Mail button if ($logged_in == true) { echo ''; // Files button echo ''; // Configuration button echo ''; // Logout button echo ''; } echo '

'; echo ''; echo '

'; if (isset($_POST['username'])) { $name = $_POST['username']; // Save name in cookie if ($setcookies == true) { setcookie("mail_name", stripslashes($name), time() + (3600 * 24 * 90), '/'); } } else { if ($setcookies) { if ((isset($_COOKIE["mail_name"])) && (! isset($name))) { $name = $_COOKIE["mail_name"]; } else { $name = ''; } } } if ($logged_in !== true) { echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo '

Please Login
Username:
Password:

'; exit(0); } $user = strtolower($_POST['username']); $_SESSION['username'] = $user; unset($user_config); $userfile = $spooldir . '/' . $user . '-articleviews.dat'; if (is_file($userfile)) { $userdata = unserialize(file_get_contents($userfile)); } // Show Logged-In Message if ($_POST['command'] != 'Configuration' && $_POST['command'] != 'SaveConfig') { if (isset($_POST['source'])) { $link = explode(':', $_POST['source']); $golink = 'Continue to ' . $link[0] . ''; } else { $golink = ''; } echo ""; echo "

You are logged in as " . $_POST['username'] . "

"; echo "

" . $golink . "

"; echo ''; } // Apply Config if (isset($_POST['command']) && $_POST['command'] == 'SaveConfig') { // Confirm password if (! check_bbs_auth($user, $_POST['confirm_password'])) { $message = 'Password Incorrect
Please try again'; retry_configuration($message); } if ($OVERRIDES['disable_change_name'] != true) { if (trim($_POST['display_name']) == '') { $_POST['display_name'] = $user; } if (trim($_POST['display_email']) == '') { $_POST['display_email'] = get_user_config($user, 'email'); } // Don't allow using already existing username or alias $value = get_user_config($_POST['display_name'], 'encryptionkey'); if (! $value) { $value = get_config_file_value($config_dir . '/aliases.conf', strtolower($_POST['display_name'])); // Alias exists if $value is true if (strtolower($value) == $user) { // But it's our alias so it's ok to use $value = false; } } if (isset($OVERRIDES['reserved_names'])) { $reserved_names = $OVERRIDES['reserved_names']; } else { $reserved_names = array( "admin", "sysop" ); } if (isset($OVERRIDES['duplicate_aliases'])) { $dupe_ok = $OVERRIDES['duplicate_aliases']; } else { $dupe_ok = false; } foreach ($reserved_names as $name) { if (strtolower($_POST['display_name']) == strtolower($name)) { // It's a reserved alias $message = '' . $_POST['display_name'] . " is unavailable.
Please try again"; retry_configuration($message); } } if ($value && (strtolower($_POST['display_name']) != $user)) { // It's someone else's username or alias $message = '' . $_POST['display_name'] . " is unavailable.
Please try again"; retry_configuration($message); } // Validate email format if (filter_var($_POST['display_email'], FILTER_VALIDATE_EMAIL) == false) { // Email address format invalid. Format is important but does not need to be a real address $message = ' Display email format appears incorrect:
' . $_POST['display_email'] . '
Please try again'; retry_configuration($message); } // Check if email already exists in user database if ($founduser = check_registered_email_addresses(trim($_POST['display_email']))) { // Email exists in database if (strtolower($user) != strtolower($founduser)) { // It's someone else's email $message = '' . $_POST['display_email'] . " is unavailable.
Please try again"; retry_configuration($message); } } // New passwords do not match if ($_POST['password'] !== $_POST['password2']) { $message = ' New password entries do not match
Please try again'; retry_configuration($message); } $user_config['display_name'] = trim($_POST['display_name']); $user_config['display_email'] = trim($_POST['display_email']); // Apply alias into $config_dir/aliases_conf if (strtolower($user_config['display_name'] != strtolower($_POST['username']))) { $value_unique = true; if ($dupe_ok) { foreach ($dupe_ok as $dupe) { if ($dupe == strtolower($_POST['username'])) { $value_unique = false; break; } } } save_config_value($config_dir . '/aliases.conf', strtolower($user_config['display_name']), strtolower($_POST['username']), $value_unique); } } $user_config['signature'] = $_POST['signature']; $user_config['xface'] = $_POST['xface']; $user_config['timezone'] = $_POST['timezone']; $user_config['theme'] = $_POST['theme']; $user_config['hide_unsub'] = $_POST['hide_unsub']; file_put_contents($config_dir . '/userconfig/' . $user . '.config', serialize($user_config)); $_SESSION['theme'] = $user_config['theme']; $mysubs = explode("\n", $_POST['subscribed']); foreach ($mysubs as $sub) { $sub = trim($sub); if ($sub == '') { continue; } if (! isset($userdata[$sub])) { $userdata[$sub] = 0; } $newsubs[$sub] = $userdata[$sub]; } file_put_contents($spooldir . '/' . $user . '-articleviews.dat', serialize($newsubs)); // Block posters $blockfile = $spooldir . '/' . strtolower($_COOKIE['mail_name']) . '-blocked_posters.dat'; if (file_exists($blockfile)) { $blocked_saved_config = unserialize(file_get_contents($blockfile)); } else { $blocked_saved_config = null; } $block = preg_split("/\r\n|\n|\r/", $_POST['blocked_users_config']); foreach ($block as $blocked_user) { foreach($blocked_saved_config as $key => $value) { if($key == $blocked_user) { $newblocks[$key] = $value; break; } } } file_put_contents($blockfile, serialize($newblocks)); // End Block posters $userdata = unserialize(file_get_contents($userfile)); if ($userdata) { ksort($userdata); } // Save new password if ((trim($_POST['password']) != '') && ($_POST['password'] == $_POST['password2'])) { $userFilename = $config_dir . '/users/' . strtolower($user); file_put_contents($userFilename, password_hash($_POST['password'], PASSWORD_DEFAULT)); } echo 'Configuration Saved for ' . $_POST['username'] . ''; } else { $user_config = unserialize(file_get_contents($config_dir . '/userconfig/' . $user . '.config')); } // Get themes $themedir = $rootdir . '/common/themes'; if (is_dir($themedir)) { if ($theme_list = opendir($themedir)) { while (($theme_dir = readdir($theme_list)) !== false) { if ($theme_dir == '.' || $theme_dir == '..' || ! is_dir($themedir . '/' . $theme_dir)) { continue; } $themes[] = $theme_dir; } closedir($theme_list); } } // Get settings for name and email if ($OVERRIDES['disable_change_name'] != true) { if (isset($user_config['display_name'])) { $display_name = $user_config['display_name']; } else { $display_name = $_POST['username']; } if (isset($user_config['display_email'])) { $display_email = $user_config['display_email']; } else { if (($display_email = get_user_config($_POST['username'], 'email')) == false) { $display_email = $_POST['username'] . '@' . $CONFIG['email_tail']; } } } sort($themes); if (isset($_REQUEST['command']) && $_REQUEST['command'] == 'Configuration') { // Use modifications from retry configuration if ($_POST['retry'] == "retry") { $display_name = $_POST['display_name']; $display_email = $_POST['display_email']; $user_config['signature'] = $_POST['signature']; $user_config['xface'] = urldecode($_POST['xface']); $user_config['hide_unsub'] = $_POST['hide_unsub']; $user_config['subscribed'] = $_POST['subscribed']; $user_config['theme'] = $_POST['theme']; $user_config['blocked_users_config'] = $_POST['blocked_users_config']; } // Show Config echo '

'; echo ''; echo ''; echo ''; echo ''; if ($OVERRIDES['disable_change_name'] != true) { // User Display Name echo ''; echo ''; // User Display Email echo ''; echo ''; } // Signature echo ''; echo ''; echo ''; // X-Face if ($OVERRIDES['disable_xface'] != true) { echo ''; echo ''; } echo ''; // Theme if (isset($user_config['theme']) && trim($user_config['theme']) != '') { echo ''; } else { echo ''; } echo ''; echo ''; // Subscriptions if (! isset($user_config['hide_unsub'])) { $user_config['hide_unsub'] = 'show'; } echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; // Blocklist if ($userdata = get_user_mail_auth_data($_COOKIE['mail_name'])) { $blockfile = $spooldir . '/' . strtolower($_COOKIE['mail_name']) . '-blocked_posters.dat'; if (file_exists($blockfile)) { $blocked_users_config = unserialize(file_get_contents($blockfile)); } else { $blocked_users_config = null; } } echo ''; echo ''; echo ''; // User Display Name echo ''; echo ''; echo ''; // User Display Email echo ''; echo ''; echo ''; /* * // Timezone * echo ''; * echo ''; * echo ''; */ // Password confirmation echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo '

Settings for ' . $_POST['username'] . ':
Display Name for posts: '; echo '
Display Email for posts: '; echo '
Signature:
' . $user_config['signature']; echo '
X-Face:
' . $user_config['xface']; echo '
Theme: (' . $user_config['theme'] . ')	Theme:
'; echo ''; echo '
Subscriptions:
'; echo ' While viewing section pages: '; if ($user_config['hide_unsub'] == 'hide') { echo ''; } else { echo ''; } echo ' Hide Unsubscribed Groups '; if ($user_config['hide_unsub'] == 'show') { echo ''; } else { echo ''; } echo ' Show All Groups'; echo '
Subscribed groups:
'; if (isset($user_config['subscribed'])) { $userdata = $user_config['subscribed']; print_r($user_config['subscribed']); } else { foreach ($userdata as $key => $value) { if ($key == "DO.NOT.DELETE") { continue; } echo $key . "\n"; } } echo '
Blocklist: (you may only remove from this list)
'; if (isset($blocked_users_config)) { $blockdata = $user_config['blocked_users_config']; foreach ($blocked_users_config as $key => $value) { echo $key . "\n"; // echo $value . "\n"; } } echo '
New password: '; echo '
Re-enter new password: '; echo '
Timezone offset (+/- hours from UTC):

Current password: (required) '; echo '
'; echo ''; echo 'Cancel'; echo '

'; } else { echo '
'; } include "tail.inc"; function retry_configuration($message) { echo ''; echo $message; echo ''; exit(); }

'; echo 'user login / '; echo htmlspecialchars($_POST['username']) . '

Settings for ' . $_POST['username'] . ':

Display Name for posts:

Display Email for posts:

Signature:

X-Face:

Theme: (' . $user_config['theme'] . ')

Theme:

Subscriptions:

Subscribed groups:

Blocklist:

New password:

Re-enter new password:

Current password:

(required)