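60) {
    $_SESSION['last_access'] = time();
}

// NOTE(review): this listing is a damaged copy of a user login / configuration
// page. The opening of the script (including the start of the statement
// above), the HTML markup inside the string literals, and the code that
// followed the closing PHP tag in the login branch are missing, and the order
// of some echo statements near the end may be disturbed. Everything is kept as
// found except for the changes called out in comments: request-derived values
// are HTML-escaped before being echoed, and a few variables are initialised
// before use.

// Logout: expire every cookie the browser sent, then drop the session.
if (isset($_POST['command']) && $_POST['command'] == 'Logout') {
    $past = time() - 3600;
    foreach ($_COOKIE as $key => $value) {
        setcookie($key, $value, $past, '/');
    }
    $_SESSION = array();
    session_destroy();
    $logmeout = true;
} else {
    $logmeout = false;
}

include ("config.inc.php");
include ("newsportal.php");

// Pin the session to the address it started from. $ip_pass is true only while
// the current request comes from that address; below it only gates
// $_SESSION['pass'], it does not by itself refuse the login.
$ip_pass = false;
if (! isset($_SESSION['remote_address'])) {
    $_SESSION['remote_address'] = $_SERVER['REMOTE_ADDR'];
    $_SESSION['start_address'] = $_SESSION['remote_address'];
    $ip_pass = true;
} else {
    if ($_SERVER['REMOTE_ADDR'] != $_SESSION['start_address']) {
        $ip_pass = false;
    } else {
        $ip_pass = true;
    }
}

// Logout confirmation page; nothing else runs after it.
if ($logmeout) {
    include "head.inc";
    echo "
";
    echo "

You have been logged out

";
    echo '
';
    echo '
';
    include "tail.inc";
    exit(0);
}

if (isset($_COOKIE['tzo'])) {
    $offset = $_COOKIE['tzo'];
} else {
    $offset = $CONFIG['timezone'];
}

if (! isset($_POST['command'])) {
    $_POST['command'] = null;
}

// NOTE(review): unserialize() is only safe on data this application wrote
// itself. keys.dat and the per-user files read further down are local files;
// if anything else can write to those directories, switch to a data-only
// format such as JSON or pass ['allowed_classes' => false] so that no objects
// are instantiated.
$keyfile = $spooldir . '/keys.dat';
$keys = unserialize(file_get_contents($keyfile));

$title .= ' - User Configuration';
include "head.inc";

if (disable_page_by_user_agent($client_device, "bot", "User")) {
    echo "
Page Disabled
";
    include "tail.inc";
    exit();
}

// How long should cookie allow user to stay logged in?
// 14400 = 4 hours
// ($auth_expire is not referenced again in the visible part of the script.)
$auth_expire = 14400;

$logged_in = false;
if (! isset($_POST['username'])) {
    // Fall back to the remembered login name; null when that cookie is absent.
    $_POST['username'] = isset($_COOKIE['mail_name']) ? $_COOKIE['mail_name'] : null;
}
$name = $_POST['username'];

if (! isset($_POST['password'])) {
    $_POST['password'] = null;
}
if (! isset($_COOKIE['mail_auth'])) {
    $_COOKIE['mail_auth'] = null;
}

// A returning browser is accepted when its mail_auth cookie verifies as a
// password_hash() of username + a server key + the user's encryptionkey, for
// either entry of keys.dat. Otherwise the posted password is checked.
// NOTE(review): the submitted username reaches get_user_config() before any
// check has succeeded. If that helper builds a file path from it (as the
// '/userconfig/<user>.config' path further down suggests), it has to reject
// path separators itself - confirm in the helper.
if (
    (password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))
    || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))
) {
    // if (((get_user_mail_auth_data($_COOKIE['mail_name'])) && password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) {
    $logged_in = true;
} else {
    if (check_bbs_auth($_POST['username'], $_POST['password'])) {
        if ($ip_pass) {
            $_SESSION['pass'] = true;
        }
        $authkey = password_hash($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), PASSWORD_DEFAULT);
        // NOTE(review): crc32 is a checksum, not a cryptographic hash, so the
        // stored pkey is a 32-bit function of the user's encryptionkey. Where
        // pkey is consumed is not visible here - confirm it is never treated
        // as a secret or as proof of identity.
        $pkey = hash('crc32', get_user_config($_POST['username'], 'encryptionkey'));
        set_user_config(strtolower($_POST['username']), "pkey", $pkey);
        // NOTE(review): the listing is damaged from the closing tag below up to
        // the next echo. Whatever completed this login branch (presumably
        // handing $authkey to the browser, setting $logged_in and closing the
        // braces) is not shown, so the brace nesting from here on is as found.
        ?> ';
echo 'Configuration / ';
echo htmlspecialchars($_POST['username']) . '';
} else {
    echo '

';
    echo 'user login / ';
    echo htmlspecialchars($_POST['username']) . '

';
}

echo '';
// Mail button
if ($logged_in == true) {
    echo '';
    // Files button
    echo '';
    // Configuration button
    echo '';
    // Logout button
    echo '';
}
echo '
';
echo '
';
echo '';
echo "";
echo '';
echo '
';
echo '
';
echo '
';
echo '';
echo "";
echo '';
echo '
';
echo '
';
echo '
';
echo '';
echo "";
echo '';
echo '
';
echo '
';
echo '
';
echo '';
echo "";
echo '';
echo '
';
echo '
';

if (isset($_POST['username'])) {
    $name = $_POST['username'];
    // Save name in cookie
    // (90-day lifetime; it is set without Secure/HttpOnly attributes and holds
    // only the login name.)
    if ($setcookies == true) {
        setcookie("mail_name", stripslashes($name), time() + (3600 * 24 * 90), '/');
    }
} else {
    if ($setcookies) {
        if ((isset($_COOKIE["mail_name"])) && (! isset($name))) {
            $name = $_COOKIE["mail_name"];
        } else {
            $name = '';
        }
    }
}

// Not authenticated: print the login form and stop, so everything below runs
// only for a verified user.
if ($logged_in !== true) {
    echo '';
    echo '';
    echo '';
    echo '';
    echo '';
    echo '';
    echo '';
    echo '';
    echo '';
    echo '';
    echo '';
    echo '
Please Login
Username:
Password:
 
';
    exit(0);
}

$user = strtolower($_POST['username']);
$_SESSION['username'] = $user;
unset($user_config);

$userfile = $spooldir . '/' . $user . '-articleviews.dat';
if (is_file($userfile)) {
    $userdata = unserialize(file_get_contents($userfile));
}

// Show Logged-In Message
if ($_POST['command'] != 'Configuration' && $_POST['command'] != 'SaveConfig') {
    // Start from an empty link so the echo below never reads an undefined
    // variable when no 'source' was posted.
    $golink = '';
    if (isset($_POST['source'])) {
        $link = explode(':', $_POST['source']);
        // The label comes from the request, so it is escaped before output.
        // NOTE(review): the markup around this text is missing from the
        // listing; if a link target is also taken from $_POST['source'], it
        // needs its own validation - confirm against the full file.
        $golink = 'Continue to ' . htmlspecialchars($link[0]) . '';
    }
    echo "
";
    // Escaped like the heading above; the name is request data.
    echo "

You are logged in as " . htmlspecialchars($_POST['username']) . "

";
    echo "

" . $golink . "

";
    echo '
';
}

// Apply Config
if (isset($_POST['command']) && $_POST['command'] == 'SaveConfig') {
    if ($OVERRIDES['disable_change_name'] != true) {
        if (trim($_POST['display_name']) == '') {
            $_POST['display_name'] = $user;
        }
        if (trim($_POST['display_email']) == '') {
            $_POST['display_email'] = get_user_config($user, 'email');
        }
        // Don't allow using already existing username or alias
        $value = get_user_config($_POST['display_name'], 'encryptionkey');
        if (! $value) {
            $value = get_config_file_value($config_dir . '/aliases.conf', strtolower($_POST['display_name']));
            // Alias exists if $value is true
            if (strtolower($value) == $user) {
                // But it's our alias so it's ok to use
                $value = false;
            }
        }
        if ($value && (strtolower($_POST['display_name']) != $user)) {
            // It's someone else's username or alias
            // (the submitted value is escaped before it is echoed back)
            echo '' . htmlspecialchars($_POST['display_name']) . " is unavailable.
Please try again";
            echo '
';
            echo '';
            echo "";
            echo '';
            exit();
        }
        // Validate email format
        if (filter_var($_POST['display_email'], FILTER_VALIDATE_EMAIL) == false) {
            // Email address format invalid. Format is important but does not need to be a real address
            // This branch echoes exactly the input that failed validation, so
            // it must be escaped.
            echo ' Display email format appears incorrect:
' . htmlspecialchars($_POST['display_email']) . '
Please try again';
            echo '';
            echo '';
            echo "";
            echo '';
            exit();
        }
        // Check if email already exists in user database
        if ($founduser = check_registered_email_addresses(trim($_POST['display_email']))) {
            // Email exists in database
            if (strtolower($user) != strtolower($founduser)) {
                // It's someone else's email
                echo '' . htmlspecialchars($_POST['display_email']) . " is unavailable.
Please try again";
                echo '';
                echo '';
                echo "";
                echo '';
                exit();
            }
        }
        $user_config['display_name'] = $_POST['display_name'];
        $user_config['display_email'] = $_POST['display_email'];
    }
    $user_config['signature'] = $_POST['signature'];
    $user_config['xface'] = $_POST['xface'];
    $user_config['timezone'] = $_POST['timezone'];
    // NOTE(review): the theme name is stored exactly as submitted and is not
    // checked against the theme directories listed further down; confirm how
    // readers of $_SESSION['theme'] use it before trusting it in a path.
    $user_config['theme'] = $_POST['listbox'];
    file_put_contents($config_dir . '/userconfig/' . $user . '.config', serialize($user_config));
    $_SESSION['theme'] = $user_config['theme'];

    // Rebuild the subscription list from the posted names, carrying over the
    // stored value for groups already known and starting new ones at 0.
    $mysubs = explode("\n", $_POST['subscribed']);
    // Initialised so an empty submission is saved as an empty list rather
    // than through an undefined variable.
    $newsubs = array();
    foreach ($mysubs as $sub) {
        if (trim($sub) == '') {
            continue;
        }
        $sub = trim($sub);
        if (! isset($userdata[$sub])) {
            $userdata[$sub] = 0;
        }
        $newsubs[$sub] = $userdata[$sub];
    }
    file_put_contents($spooldir . '/' . $user . '-articleviews.dat', serialize($newsubs));
    $userdata = unserialize(file_get_contents($userfile));
    if ($userdata) {
        ksort($userdata);
    }
    echo 'Configuration Saved for ' . htmlspecialchars($_POST['username']);
} else {
    $user_config = unserialize(file_get_contents($config_dir . '/userconfig/' . $user . '.config'));
}

// Get themes
// Every sub-directory of the themes directory counts as a theme. The list is
// initialised first so sort() below always receives an array.
$themes = array();
$themedir = $rootdir . '/common/themes';
if (is_dir($themedir)) {
    if ($theme_list = opendir($themedir)) {
        while (($theme_dir = readdir($theme_list)) !== false) {
            if ($theme_dir == '.' || $theme_dir == '..' || ! is_dir($themedir . '/' . $theme_dir)) {
                continue;
            }
            $themes[] = $theme_dir;
        }
        closedir($theme_list);
    }
}

// Get settings for name and email
if ($OVERRIDES['disable_change_name'] != true) {
    if (isset($user_config['display_name'])) {
        $display_name = $user_config['display_name'];
    } else {
        $display_name = $_POST['username'];
    }
    if (isset($user_config['display_email'])) {
        $display_email = $user_config['display_email'];
    } else {
        if (($display_email = get_user_config($_POST['username'], 'email')) == false) {
            $display_email = $_POST['username'] . '@' . $CONFIG['email_tail'];
        }
    }
}
sort($themes);

if (isset($_POST['command']) && $_POST['command'] == 'Configuration') {
    // Show Config
    // NOTE(review): the form markup is missing from this listing, so the
    // statements that printed the stored values into form fields are reduced
    // to empty echoes; in the full file each of those values needs the same
    // escaping as the two visible ones below.
    echo '

';
    echo '';
    echo '';
    echo '';
    echo '';
    if ($OVERRIDES['disable_change_name'] != true) {
        // User Display Name
        echo '';
        echo '';
        // User Display Email
        echo '';
        echo '';
    }
    // Signature
    echo '';
    echo '';
    echo '';
    // X-Face
    echo '';
    echo '';
    echo '';
    // Theme
    if (isset($user_config['theme'])) {
        echo '';
    } else {
        echo '';
    }
    echo '';
    echo '';
    // Subscriptions
    echo '';
    echo '';
    echo '';
    /*
     * // Timezone
     * echo '';
     * echo '';
     * echo '';
     */
    echo '';
    echo '';
    echo '';
    echo '

Settings for ' . htmlspecialchars($_POST['username']) . ':

Display Name for posts:

';
    echo '

Display Email for posts:

';
    // The stored theme name originated from a form field, so it is escaped
    // as well.
    echo '

Signature:

X-Face:

Theme: (' . htmlspecialchars($user_config['theme']) . ')

Theme:

';
    echo '';
    echo '

Subscribed:

Timezone offset (+/- hours from UTC):
';
    echo '';
    echo 'Cancel';
    echo '

';
} else {
    echo '
';
}
include "tail.inc";
?>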