<?php
require('/home/themeparknl/html/themepark.nl/ubb/libs/smarty/Smarty.class.php');
$smarty = new Smarty();
$smarty->template_dir = 'templates/default';
$smarty->compile_dir = 'templates/compile';
require_once( "/home/themeparknl/html/themepark.nl/ubb/includes/config.inc.php" );
require_once( "/home/themeparknl/html/themepark.nl/ubb/libs/mysql.inc.php" );
require_once( "/home/themeparknl/html/themepark.nl/ubb/libs/html.inc.php");
require_once( "/home/themeparknl/html/themepark.nl/ubb/libs/ubbthreads.inc.php" );
$dbh = new sql;
$dbh->connect();
class admin {
function error( $x ) {
echo 'SQL error';
die;
}
}
class UserAuth {
var $fields;
var $is_logged_in;
var $permissions;
var $is_banned;
var $groups;
function UserAuth() {
global $config, $dbh;
$this->fields = array();
$this->is_logged_in = false;
$this->permissions = "";
$this->is_banned = false;
$this->groups = array();
$id = $this->fetch_cookie( "ubbt_myid" );
$pass = $this->fetch_cookie( "ubbt_pass" );
if( $id == 0 ) {
$this->is_logged_in = false;
$this->fields = array(
'USER_ID' => 1,
'USER_DISPLAY_NAME' => "Anonymous",
);
$this->get_permissions();
return;
}
$query = "
SELECT t1.USER_ID, t1.USER_DISPLAY_NAME, t1.USER_PASSWORD, t1.USER_MEMBERSHIP_LEVEL, t1.USER_IS_BANNED,
t2.*
FROM {$config['TABLE_PREFIX']}USERS as t1,
{$config['TABLE_PREFIX']}USER_PROFILE as t2
WHERE t1.USER_ID = t2.USER_ID AND t1.USER_ID = ?
";
$sth = $dbh->do_placeholder_query( $query, array( $id ), __LINE__, __FILE__ );
$temp = $dbh->fetch_array( $sth );
foreach( $temp as $k => $v ) {
if( is_numeric( $k ) ) {
unset( $temp[$k] );
}
}
$this->fields =& $temp;
$this->get_permissions();
$key = $this->fetch_cookie( "ubbt_key" );
$session = $this->fetch_cookie( "ubbt_mysess" );
if( $this->fields['USER_SESSION_ID'] == $session ) {
$this->is_logged_in = true;
$this->check_ban();
return;
}
if( $key == md5( $this->fields['USER_ID'] . $this->fields['USER_PASSWORD'] ) ) {
srand( (double) ( microtime() * 1000000 ) );
$new_session_id = md5( rand( 0, 32767 ) );
$now = time() + ( $config['SERVER_TIME_OFFSET'] * 3600 );
$query = "
UPDATE {$config['TABLE_PREFIX']}USERS
SET USER_SESSION_ID = ?
WHERE USER_ID = ?
";
$dbh->do_placeholder_query( $query, array( $new_session_id, $this->fields['USER_ID'] ), __LINE__, __FILE__ );
$this->set_cookie( "ubbt_mysess", $new_session_id );
$this->is_logged_in = true;
$query = "
UPDATE {$config['TABLE_PREFIX']}USER_DATA
SET USER_LAST_VISIT_TIME = ?
WHERE USER_ID = ?
";
$dbh->do_placeholder_query( $query, array( $now, $this->fields['USER_ID'] ), __LINE__, __FILE__ );
$this->check_ban();
return;
}
}
function check_ban() {
global $config, $dbh;
if( $this->fields['USER_IS_BANNED'] ) {
require_once( "/home/themeparknl/html/themepark.nl/ubb/libs/triggers.inc.php" );
$free = trigger_ban_expiration();
if( ! isset( $free[ $this->fields['USER_ID'] ] ) ) {
$this->is_banned = true;
}
}
$ip = $_SERVER['REMOTE_ADDR'];
$query = "
SELECT COUNT( BANNED_HOST )
FROM {$config['TABLE_PREFIX']}BANNED_HOSTS
WHERE ? LIKE BANNED_HOST
";
$sth = $dbh->do_placeholder_query( $query, array( $ip ), __LINE__, __FILE__ );
list( $banned ) = $dbh->fetch_array( $sth );
if( $banned ) {
$this->is_banned = true;
}
}
function fetch_cookie( $name ) {
global $config;
$k = $config['COOKIE_PREFIX'] . $name;
return isset( $_COOKIE[$k] ) ? $_COOKIE[$k] : "";
}
function set_cookie( $name, $value ) {
global $config;
$name = $config['COOKIE_PREFIX'] . $name;
$path = ( $config['COOKIE_PATH'] ? $config['COOKIE_PATH'] : ( $config['SEARCH_FRIENDLY_URLS'] ? "/" : "" ) );
setcookie( $name, $value, 0, $path );
if( $value ) {
$_SESSION[$name] = $value;
} else {
unset( $_SESSION[$name] );
}
}
function in_group( $id ) {
return in_array( $id, $this->groups );
}
function build_permissions() {
global $config, $dbh;
if( is_array( $this->permissions ) ) {
return true;
}
$this->permissions = array();
$query = "
SELECT GROUP_ID
FROM {$config['TABLE_PREFIX']}USER_GROUPS
WHERE USER_ID = ?
";
$sth = $dbh->do_placeholder_query( $query, array( $this->fields['USER_ID'] ), __LINE__, __FILE__ );
$groups = array();
while( $x = $dbh->fetch_array( $sth ) ) {
$groups[] = $x[0];
}
if( count( $groups ) == 0 ) {
$groups[] = "4";
}
$this->groups = $groups;
$query = "
SELECT *
FROM {$config['TABLE_PREFIX']}FORUM_PERMISSIONS
WHERE GROUP_ID in ( ? )
";
$sth = $dbh->do_placeholder_query( $query, array( $groups ), __LINE__, __FILE__ );
while( $result = $dbh->fetch_array( $sth ) ) {
if( ! $this->check_access( $result['FORUM_ID'], "read" ) ) {
$this->set_access( $result['FORUM_ID'], "read", $result['FORUM_PERMISSION_CAN_READ'] );
}
if( ! $this->check_access( $result['FORUM_ID'], "topic" ) ) {
$this->set_access( $result['FORUM_ID'], "topic", $result['FORUM_PERMISSION_CAN_CREATE_TOPIC'] );
}
if( ! $this->check_access( $result['FORUM_ID'], "reply" ) ) {
$this->set_access( $result['FORUM_ID'], "reply", $result['FORUM_PERMISSION_CAN_CREATE_REPLY'] );
}
}
$now = time();
$cutoff = $now - ( 3600 * 4 );
$query = "
DELETE FROM {$config['TABLE_PREFIX']}CACHED_PERMISSIONS
WHERE CACHED_TIMESTAMP < ?
";
$dbh->do_placeholder_query( $query, array( $cutoff ), __LINE__, __FILE__ );
$query = "
REPLACE INTO {$config['TABLE_PREFIX']}CACHED_PERMISSIONS
( USER_ID, CACHED_PERMISSION_DATA, CACHED_TIMESTAMP )
VALUES ( ?, ?, ? )
";
}
function get_permissions() {
global $config, $dbh;
$query = "
SELECT CACHED_PERMISSION_DATA
FROM {$config['TABLE_PREFIX']}CACHED_PERMISSIONS
WHERE USER_ID = ?
";
list( $data ) = $dbh->fetch_array( $sth );
$this->build_permissions();
return true;
$this->permissions = unserialize( $data );
return is_array( $this->permissions );
}
function check_access( $id, $type ) {
return isset( $this->permissions[$id][$type] ) && $this->permissions[$id][$type] == 1;
}
function set_access( $id, $type, $val ) {
if( ! isset( $this->permissions[$id] ) ) {
$this->permissions[$id] = array();
}
$this->permissions[$id][$type] = $val;
}
}
?>
