60) { $_SESSION['last_access'] = time(); } if (isset($_POST['command']) && $_POST['command'] == 'Logout') { $past = time() - 3600; foreach ($_COOKIE as $key => $value) { setcookie($key, $value, $past, '/'); } $_SESSION = array(); session_destroy(); unset($_COOKIE['mail_name']); setcookie('mail_name', '', - 1, '/'); $logmeout = true; } else { $logmeout = false; } include ("config.inc.php"); include ("newsportal.php"); $ip_pass = false; if (! isset($_SESSION['remote_address'])) { $_SESSION['remote_address'] = $_SERVER['REMOTE_ADDR']; $_SESSION['start_address'] = $_SESSION['remote_address']; $ip_pass = true; } else { if ($_SERVER['REMOTE_ADDR'] != $_SESSION['start_address']) { $ip_pass = false; } else { $ip_pass = true; } } if ($logmeout) { include "head.inc"; echo "
"; echo "

You have been logged out

"; echo '
'; echo '
'; include "tail.inc"; exit(0); } if (isset($_COOKIE['tzo'])) { $offset = $_COOKIE['tzo']; } else { $offset = $CONFIG['timezone']; } if (! isset($_POST['command'])) { $_POST['command'] = null; } $keyfile = $spooldir . '/keys.dat'; $keys = unserialize(file_get_contents($keyfile)); $title .= ' - User Configuration'; include "head.inc"; if (disable_page_by_user_agent($client_device, "bot", "User")) { echo "
Page Disabled
"; include "tail.inc"; exit(); } $logged_in = false; if (! isset($_POST['username'])) { $_POST['username'] = $_COOKIE['mail_name']; } $name = trim(strtolower($_POST['username'])); if (! isset($_POST['password'])) { $_POST['password'] = null; } if (! isset($_COOKIE['mail_auth'])) { $_COOKIE['mail_auth'] = null; } $logged_in = verify_logged_in(trim(strtolower($_POST['username']))); if(!$logged_in) { if ((password_verify($name . $keys[0] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($name . $keys[1] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth']))) { $logged_in = true; } else { if (check_bbs_auth($_POST['username'], $_POST['password'])) { if ($ip_pass) { $_SESSION['pass'] = true; } set_user_logged_in_cookies(trim($_POST['username']), $keys); $logged_in = true; } else { echo 'Authentication Required'; } } } if (isset($_REQUEST['command']) && $_REQUEST['command'] == 'Configuration') { echo '

'; echo 'Configuration / '; echo htmlspecialchars($_POST['username']) . '

'; } else { echo '

'; echo 'user login / '; echo htmlspecialchars($_POST['username']) . '

'; } echo ''; // Mail button if ($logged_in == true) { echo ''; // Files button echo ''; // Configuration button echo ''; } if ((isset($_COOKIE["mail_name"]))) { // Logout button echo ''; } echo '
'; echo '
'; echo ''; echo ""; echo ''; echo '
'; echo '
'; echo '
'; echo ''; echo ""; echo ''; echo '
'; echo '
'; echo '
'; echo ''; echo ""; echo ''; echo '
'; echo '
'; echo '
'; echo ''; echo ""; echo ''; echo '
'; echo '
'; if (isset($_POST['username'])) { $name = $_POST['username']; // Save name in cookie if ($setcookies == true) { setcookie("mail_name", stripslashes($name), time() + (3600 * 24 * 90), '/'); } } else { if ($setcookies) { if ((isset($_COOKIE["mail_name"])) && (! isset($name))) { $name = $_COOKIE["mail_name"]; } else { $name = ''; } } } if ($logged_in !== true) { echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo '
Please Login
Username:
Password:
 
'; exit(0); } $user = strtolower($_POST['username']); $_SESSION['username'] = $user; unset($user_config); $userfile = $spooldir . '/' . $user . '-articleviews.dat'; if (is_file($userfile)) { $userdata = unserialize(file_get_contents($userfile)); } // Show Logged-In Message if ($_POST['command'] != 'Configuration' && $_POST['command'] != 'SaveConfig') { if (isset($_POST['source'])) { $link = explode(':', $_POST['source']); $golink = 'Continue to ' . $link[0] . ''; } else { $golink = ''; } echo "
"; echo "

You are logged in as " . $_POST['username'] . "

"; echo "

" . $golink . "

"; echo '
'; } // Apply Config if (isset($_POST['command']) && $_POST['command'] == 'SaveConfig') { // Confirm password if (! check_bbs_auth($user, $_POST['confirm_password'])) { $message = 'Password Incorrect
Please try again'; retry_configuration($message); } if ($OVERRIDES['disable_change_name'] != true) { if (trim($_POST['display_name']) == '') { $_POST['display_name'] = $user; } if (trim($_POST['display_email']) == '') { $_POST['display_email'] = get_user_config($user, 'email'); } // Don't allow using already existing username or alias $value = get_user_config($_POST['display_name'], 'encryptionkey'); if (! $value) { $value = get_config_file_value($config_dir . '/aliases.conf', strtolower($_POST['display_name'])); // Alias exists if $value is true if (strtolower($value) == $user) { // But it's our alias so it's ok to use $value = false; } } if (isset($OVERRIDES['reserved_names'])) { $reserved_names = $OVERRIDES['reserved_names']; } else { $reserved_names = array( "admin", "sysop" ); } if (isset($OVERRIDES['duplicate_aliases'])) { $dupe_ok = $OVERRIDES['duplicate_aliases']; } else { $dupe_ok = false; } foreach ($reserved_names as $name) { if (strtolower($_POST['display_name']) == strtolower($name)) { // It's a reserved alias $message = '' . $_POST['display_name'] . " is unavailable.
Please try again"; retry_configuration($message); } } if ($value && (strtolower($_POST['display_name']) != $user)) { // It's someone else's username or alias $message = '' . $_POST['display_name'] . " is unavailable.
Please try again"; retry_configuration($message); } // Validate email format if (filter_var($_POST['display_email'], FILTER_VALIDATE_EMAIL) == false) { // Email address format invalid. Format is important but does not need to be a real address $message = ' Display email format appears incorrect:
' . $_POST['display_email'] . '
Please try again'; retry_configuration($message); } // Check if email already exists in user database if ($founduser = check_registered_email_addresses(trim($_POST['display_email']))) { // Email exists in database if (strtolower($user) != strtolower($founduser)) { // It's someone else's email $message = '' . $_POST['display_email'] . " is unavailable.
Please try again"; retry_configuration($message); } } // New passwords do not match if ($_POST['password'] !== $_POST['password2']) { $message = ' New password entries do not match
Please try again'; retry_configuration($message); } $user_config['display_name'] = trim($_POST['display_name']); $user_config['display_email'] = trim($_POST['display_email']); // Apply alias into $config_dir/aliases_conf if (strtolower($user_config['display_name'] != strtolower($_POST['username']))) { $value_unique = true; if ($dupe_ok) { foreach ($dupe_ok as $dupe) { if ($dupe == strtolower($_POST['username'])) { $value_unique = false; break; } } } save_config_value($config_dir . '/aliases.conf', strtolower($user_config['display_name']), strtolower($_POST['username']), $value_unique); } } $user_config['signature'] = $_POST['signature']; $user_config['xface'] = preg_replace("/[\n\r]/", "", $_POST['xface']); $user_config['timezone'] = $_POST['timezone']; $user_config['theme'] = $_POST['theme']; $user_config['hide_unsub'] = $_POST['hide_unsub']; file_put_contents($config_dir . '/userconfig/' . $user . '.config', serialize($user_config)); $_SESSION['theme'] = $user_config['theme']; $mysubs = explode("\n", $_POST['subscribed']); foreach ($mysubs as $sub) { $sub = trim($sub); if ($sub == '') { continue; } if (! isset($userdata[$sub])) { $userdata[$sub] = 0; } $newsubs[$sub] = $userdata[$sub]; } file_put_contents($spooldir . '/' . $user . '-articleviews.dat', serialize($newsubs)); // Block posters $blockfile = $spooldir . '/' . strtolower($_COOKIE['mail_name']) . '-blocked_posters.dat'; if (file_exists($blockfile)) { $blocked_saved_config = unserialize(file_get_contents($blockfile)); } else { $blocked_saved_config = null; } $block = preg_split("/\r\n|\n|\r/", $_POST['blocked_users_config']); foreach ($block as $blocked_user) { foreach($blocked_saved_config as $key => $value) { if($key == $blocked_user) { $newblocks[$key] = $value; break; } } } file_put_contents($blockfile, serialize($newblocks)); // End Block posters $userdata = unserialize(file_get_contents($userfile)); if ($userdata) { ksort($userdata); } // Save new password if ((trim($_POST['password']) != '') && ($_POST['password'] == $_POST['password2'])) { $userFilename = $config_dir . '/users/' . strtolower($user); file_put_contents($userFilename, password_hash($_POST['password'], PASSWORD_DEFAULT)); } echo '
Configuration Saved for ' . $_POST['username'] . '
'; } else { $user_config = unserialize(file_get_contents($config_dir . '/userconfig/' . $user . '.config')); } // Get themes $themedir = $rootdir . '/common/themes'; if (is_dir($themedir)) { if ($theme_list = opendir($themedir)) { while (($theme_dir = readdir($theme_list)) !== false) { if ($theme_dir == '.' || $theme_dir == '..' || ! is_dir($themedir . '/' . $theme_dir)) { continue; } $themes[] = $theme_dir; } closedir($theme_list); } } // Get settings for name and email if ($OVERRIDES['disable_change_name'] != true) { if (isset($user_config['display_name'])) { $display_name = $user_config['display_name']; } else { $display_name = $_POST['username']; } if (isset($user_config['display_email'])) { $display_email = $user_config['display_email']; } else { if (($display_email = get_user_config($_POST['username'], 'email')) == false) { $display_email = $_POST['username'] . '@' . $CONFIG['email_tail']; } } } sort($themes); if (isset($_REQUEST['command']) && $_REQUEST['command'] == 'Configuration') { // Use modifications from retry configuration if ($_POST['retry'] == "retry") { $display_name = $_POST['display_name']; $display_email = $_POST['display_email']; $user_config['signature'] = $_POST['signature']; $user_config['xface'] = preg_replace("/[\n\r]/", "", urldecode($_POST['xface'])); $user_config['hide_unsub'] = $_POST['hide_unsub']; $user_config['subscribed'] = $_POST['subscribed']; $user_config['theme'] = $_POST['theme']; $user_config['blocked_users_config'] = $_POST['blocked_users_config']; } // Show Config echo '

'; echo ''; echo ''; echo ''; echo ''; if ($OVERRIDES['disable_change_name'] != true) { // User Display Name echo ''; echo ''; // User Display Email echo ''; echo ''; } // Signature echo ''; echo ''; echo ''; // X-Face if ($OVERRIDES['disable_xface'] != true) { echo ''; $xflink = $config_dir . 'xface.txt'; if(file_exists($xflink)) { echo ''; } echo ''; } echo ''; // Theme if (isset($user_config['theme']) && trim($user_config['theme']) != '') { echo ''; } else { echo ''; } echo ''; echo ''; // Subscriptions if (! isset($user_config['hide_unsub'])) { $user_config['hide_unsub'] = 'show'; } echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; // Blocklist if ($userdata = get_user_mail_auth_data($_COOKIE['mail_name'])) { $blockfile = $spooldir . '/' . strtolower($_COOKIE['mail_name']) . '-blocked_posters.dat'; if (file_exists($blockfile)) { $blocked_users_config = unserialize(file_get_contents($blockfile)); } else { $blocked_users_config = null; } } echo ''; echo ''; echo ''; // User Display Name echo ''; echo ''; echo ''; // User Display Email echo ''; echo ''; echo ''; /* * // Timezone * echo ''; * echo ''; * echo ''; */ // Password confirmation echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo '

Settings for ' . $_POST['username'] . ':

Display Name for posts:

'; echo '

Display Email for posts:

'; echo '

Signature:

X-Face:

' . file_get_contents($xflink) . '

Theme: (' . $user_config['theme'] . ')

Theme:

'; echo ''; echo '

Subscriptions:

'; echo ' While viewing section pages:
'; if ($user_config['hide_unsub'] == 'hide') { echo ''; } else { echo ''; } echo '
'; if ($user_config['hide_unsub'] == 'show') { echo ''; } else { echo ''; } echo ''; echo '

Subscribed groups:

Blocklist:

(you may only remove from this list)

New password:

'; echo '

Re-enter new password:

'; echo '
Timezone offset (+/- hours from UTC):

Current password:

(required)

'; echo '
'; echo ''; echo 'Cancel'; echo '

'; } else { echo '
'; } include "tail.inc"; function retry_configuration($message) { echo '
'; echo $message; echo '
'; echo ''; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ''; echo '
'; exit(); }