<?php
// Refuse to run when this file is requested directly: the constant is expected
// to be defined by whatever script includes the plugin.
if (!defined('INCLUDED_AMEMBER_CONFIG')) {
    exit("Direct access to this location is not allowed");
}
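/**
 * aMember integration plugin that mirrors members, their group memberships and
 * their login session into a FUDforum database.
 *
 * All forum queries go through $this->query()/query_one()/query_first() of the
 * parent class; the "[db]" token in the SQL is presumably expanded there to the
 * configured database/prefix (not visible in this file).
 *
 * Security notes for maintainers:
 *  - Every value placed into SQL is escaped or cast to int at the point where
 *    the statement is built, never by the caller.
 *  - Passwords are written as sha1(salt . sha1(password)) into the passwd/salt
 *    columns. That is a fast hash; the format is presumably dictated by what the
 *    forum verifies -- confirm against the forum version before changing it.
 *  - NOTE(review): the class still calls ext/mysql functions (mysql_*), which
 *    were removed in PHP 7.
 */
class protect_fudforum extends amember_integration_plugin
{
    /**
     * Escapes a scalar for use inside a single-quoted SQL string literal,
     * using the global aMember $db object as the rest of this file does.
     */
    function _escape($value)
    {
        global $db;
        return $db->escape($value);
    }

    /**
     * Looks up the forum user id for an aMember login.
     *
     * @param string $login unescaped login
     * @return int forum user id, 0 when no such user exists
     */
    function _forum_user_id($login)
    {
        $login = $this->_escape($login);
        return intval($this->query_one("SELECT id FROM [db]users WHERE login = '$login'"));
    }

    /**
     * Compares two hash strings. Strict comparison is required: with "==" two
     * hex digests that both look like "0e<digits>" compare equal as numbers.
     */
    function _hash_matches($known, $candidate)
    {
        $known = (string)$known;
        $candidate = (string)$candidate;
        if (function_exists('hash_equals')) {
            return hash_equals($known, $candidate);
        }
        return $known === $candidate;
    }

    /**
     * Returns a new 32-character hex session id, taken from a CSPRNG when the
     * runtime offers one.
     */
    function _new_session_id()
    {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            $bytes = openssl_random_pseudo_bytes(16);
            if ($bytes !== false && strlen($bytes) == 16) {
                return bin2hex($bytes);
            }
        }
        // Legacy fallback from the original code: derived from the clock, so
        // it is guessable. Only reached on runtimes without a CSPRNG.
        return md5(uniqid(microtime()));
    }

    /**
     * Returns the forum groups for the product "access" select box.
     *
     * @return array group id => group name, preceded by a '' => "no
     *               integration" entry; empty array when no db is configured
     */
    function get_groups()
    {
        if (empty($this->config['db'])) return array();

        // The original read the undefined variable $this_config here, so the
        // deny list was never applied.
        // NOTE(review): confirm 'denied_levels' is the intended settings key.
        $denied = isset($this->config['denied_levels'])
            ? (array)$this->config['denied_levels']
            : array();

        $res = array('' => '*** No integration ***');
        $q = $this->query("SELECT id, name
            FROM [db]groups
            WHERE id>1
            ");
        if (!$q) return $res;
        while ($row = mysql_fetch_row($q)) {
            list($i, $n) = $row;
            if (in_array($i, $denied)) continue;
            $res[$i] = $n;
        }
        return $res;
    }

    /**
     * Returns the forum group ids a member is entitled to.
     *
     * @param array $state product id => status; entries with a falsy status
     *                     are ignored
     * @return array list of distinct group ids (may be empty)
     */
    function get_max($state)
    {
        $ff_products = $this->get_products();
        $groups = array();
        foreach ((array)$state as $product_id => $status) {
            if (!$status || empty($ff_products[$product_id])) continue;
            // keyed by group id, which makes the list unique
            $groups[ $ff_products[$product_id] ] = true;
        }
        return array_keys($groups);
    }

    /**
     * Returns product id => forum group id for every product that has a
     * 'fudforum_access' value. The map is cached in the global $ff_products.
     */
    function get_products()
    {
        global $db, $ff_products;
        if ($ff_products) return $ff_products;
        $ff_products = array();
        foreach ($db->get_products_list() as $p) {
            if (!empty($p['fudforum_access'])) {
                $ff_products[ $p['product_id'] ] = $p['fudforum_access'];
            }
        }
        return $ff_products;
    }

    /**
     * Re-applies subscription_added() for every listed login that exists in
     * the aMember database.
     *
     * @param array $users login => record; $rec['product_id'][0] is passed on
     */
    function subscription_rebuild(&$users)
    {
        global $db;
        foreach ($users as $login => $rec) {
            $found = $db->users_find_by_string($login, 'login', 1);
            if (empty($found[0])) continue;
            $m = $found[0];
            if ($m['login'] == $login) {
                $product_id = isset($rec['product_id'][0]) ? $rec['product_id'][0] : null;
                $this->subscription_added($m['member_id'], $product_id, $m);
            }
        }
    }

    /**
     * Makes the forum user's group memberships match $max: memberships in
     * other groups are deleted, missing ones are inserted.
     *
     * @param array $member aMember record; $member['login'] must be the raw
     *                      (unescaped) login, it is escaped here
     * @param array $max    forum group ids
     */
    function update_groups($member, $max)
    {
        // Group ids go into the statement unquoted, so force them to integers.
        $groups = array();
        foreach ((array)$max as $group_id) {
            $group_id = intval($group_id);
            if ($group_id > 0) $groups[$group_id] = $group_id;
        }
        // An empty list would produce "NOT IN ()", which is a syntax error.
        if (!$groups) return;

        $id = $this->_forum_user_id($member['login']);
        if (!$id) return;

        $this->query("DELETE from [db]group_members where user_id='$id' AND group_id not in (" . implode(',', $groups) . ")");
        foreach ($groups as $group_id) {
            $this->query("INSERT IGNORE into [db]group_members (user_id,group_id,group_members_opt) values('$id','$group_id',65536)");
        }
    }

    /**
     * Returns a 9-character hex salt for the forum password hash. A salt only
     * needs to be unique per account, not secret.
     */
    function generate_salt()
    {
        return substr(md5(uniqid(mt_rand(), true)), 0, 9);
    }

    /**
     * Creates the forum account for a member (or refreshes its password hash
     * when the account exists) and synchronises its groups.
     *
     * Does nothing when the member's products grant no forum group.
     */
    function subscription_added($member_id, $product_id, $member)
    {
        $max = $this->get_max($member['data']['status']);
        if (!$max) return;

        // Escape only what goes into SQL and keep $member itself untouched.
        // The original escaped every field in place, which meant the password
        // was hashed in its escaped form and update_groups() received an
        // already-escaped login.
        $login = $this->_escape($member['login']);
        $name  = $this->_escape($member['name_f'] . ' ' . $member['name_l']);
        $email = $this->_escape($member['email']);

        $salt = $this->generate_salt();
        $pass = sha1($salt . sha1($member['pass']));
        $tm = time();
        $users_opt = 4619189;
        /*
        users_opt
        000010001000111101110110101
        000010001100111101110110101
        000000000000000000000000001 1 = display_email (ON/OFF)
        000000000000000000000000010 2 = notify (ON/OFF)
        000000000000000000000000100 4 = notify_method (EMAIL/ICQ) (ICQ notification is no longer used)
        000000000000000000000001000 8 = ignore_admin (ON/OFF)
        000000000000000000000010000 16 = email_messages (ON/OFF)
        000000000000000000000100000 32 = pm_messages (ON/OFF)
        000000000000000000001000000 64 = pm_notify (ON/OFF)
        000000000000000000010000000 128 = default_topic_view (MSG/TREE)
        000000000000000000100000000 256 = default_message_view (MSG/TREE)
        000000000000000001000000000 512 = gender (UNSPECIFIED)
        000000000000000010000000000 1024 = gender (MALE/FEMALE)
        000000000000000100000000000 2048 = append_sig (ON/OFF)
        000000000000001000000000000 4096 = show_sigs (ON/OFF)
        000000000000010000000000000 8192 = show_avatars (ON/OFF)
        000000000000100000000000000 16384 = show_im (ON/OFF)
        000000000001000000000000000 32768 = invisible_mode (ON/OFF)
        000000000010000000000000000 65536 = blocked (ON/OFF)
        000000000100000000000000000 131072 = email_conf (ON/OFF)
        000000001000000000000000000 262144 = coppa (ON/OFF)
        000000010000000000000000000 524288 = is_mod (ON/OFF)
        000000100000000000000000000 1048576 = is_admin (ON/OFF)
        000001000000000000000000000 2097152 = acc_status (PENDING/APPROVED)
        000010000000000000000000000 4194304 = avatar_approved (No Avatar)
        000100000000000000000000000 8388608 = avatar_approved YES
        001000000000000000000000000 16777216 = avatar_approved NO
        010000000000000000000000000 33554432 = admin disabled PM (ON/OFF)
        100000000000000000000000000 67108864 = admin disabled signature (ON/OFF)
        000000000000000000000000000 134217728 = do not send e-mail notifications (ON/OFF)
        000000000000000000000000000 268435456 = account moderator (ON/OFF)
        */

        // Decide on the row's existence, not on whether its passwd is empty:
        // an existing row with an empty passwd must be updated, not re-inserted.
        if (!$this->_forum_user_id($member['login'])) {
            $this->query("INSERT INTO [db]users
                SET
                login = '$login',
                alias = '$login',
                passwd = '$pass',
                salt = '$salt',
                name = '$name',
                email = '$email',
                avatar = '0',
                avatar_loc = '',
                icq = '',
                aim = '',
                yahoo = '',
                msnm = '',
                jabber = '',
                affero = '',
                posts_ppg = '0',
                time_zone = 'America/New_York',
                bday = '',
                conf_key = '0',
                user_image = '',
                theme = '1',
                posted_msg_count = '0',
                last_visit = '0',
                referer_id = '0',
                last_read = '0',
                custom_status = '',
                sig = '',
                join_date = '$tm',
                level_id = '0',
                reset_key = '0',
                u_last_post_id = '0',
                home_page = '',
                bio = '',
                cat_collapse_status = 'YES',
                custom_color = '',
                users_opt='$users_opt'");
        } else {
            $this->query("UPDATE [db]users
                SET passwd = '$pass', salt = '$salt'
                WHERE login = '$login'
                ");
        }
        $this->update_groups($member, $max);
    }

    /**
     * Pushes a changed password and e-mail address to the forum account.
     *
     * NOTE(review): the row is located by the old login and the login column
     * is left as it is, so a changed aMember login is not propagated -- the
     * original statement assigned the old login to itself. Confirm whether
     * renames should be mirrored.
     */
    function subscription_updated($member_id, $oldmember, $newmember)
    {
        $salt = $this->generate_salt();
        $pass = sha1($salt . sha1($newmember['pass']));
        // The original escaped the e-mail into a local variable and then
        // interpolated the unescaped array values into the statement.
        $email = $this->_escape($newmember['email']);
        $login = $this->_escape($oldmember['login']);
        $this->query("UPDATE [db]users
            SET passwd = '$pass',
            salt = '$salt',
            email = '$email'
            WHERE login = '$login'
            ");
    }

    /**
     * Recomputes forum group memberships after a subscription was deleted.
     * Only acts when the deleted product carried forum access.
     */
    function subscription_deleted($member_id, $product_id, $member)
    {
        global $db;
        $product = $db->get_product($product_id);
        if (empty($product['fudforum_access'])) return;

        $max = $this->get_max($member['data']['status']);
        if ($max) {
            $this->update_groups($member, $max);
            return;
        }

        // No entitlement left: drop every membership. The original used an
        // undefined $id here, so the statement was malformed and nothing was
        // ever removed.
        $id = $this->_forum_user_id($member['login']);
        if (!$id) return;
        $this->query("DELETE FROM [db]group_members WHERE user_id=$id");
    }

    /**
     * Drops all forum group memberships of a removed member. The forum
     * account itself is kept.
     */
    function subscription_removed($member_id, $member)
    {
        $id = $this->_forum_user_id($member['login']);
        if (!$id) return;
        $this->query("DELETE FROM [db]group_members WHERE user_id=$id");
    }

    /**
     * Tells aMember whether a login may be used for signup.
     *
     * @return boolean true when the forum has no account with that login (or
     *                 the account has no e-mail), or when e-mail and password
     *                 both match the existing forum account; false otherwise
     */
    function subscription_check_uniq_login($login, $email, $pass)
    {
        $f = $this->query_first("SELECT passwd,salt,email from [db]users where login='" . $this->_escape($login) . "'");
        if (empty($f['email'])) return true;

        // Compare the stored hash with the hash of the supplied password. The
        // original compared the plain password with its own hash, which can
        // never match, and compared the escaped e-mail with the stored one.
        $fpass = sha1($f['salt'] . sha1($pass));
        return ((string)$email === (string)$f['email'])
            && $this->_hash_matches($f['passwd'], $fpass);
    }

    /**
     * Builds the value stored in the ses.sys_id column: the md5 of a fixed
     * set of request headers, taken from $_SERVER when present.
     */
    function ses_make_sysid()
    {
        $keys = array('HTTP_USER_AGENT', 'SERVER_PROTOCOL', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_ENCODING', 'HTTP_ACCEPT_LANGUAGE');
        $pfx = '';
        foreach ($keys as $v) {
            if (isset($_SERVER[$v])) {
                $pfx .= $_SERVER[$v];
            }
        }
        return md5($pfx);
    }

    /**
     * Opens a forum session for a member who has just logged in to aMember
     * and sends the fud_session cookie. Runs once per aMember session.
     *
     * A fresh session id is always issued. The original tried to re-use the
     * id presented in the fud_session cookie; binding a client-supplied id to
     * an authenticated account permits session fixation, and its UPDATE
     * matched on the "id" column instead of "ses_id", so it could attach the
     * member to an unrelated session row.
     */
    function after_login($user)
    {
        if (!empty($_SESSION['_amember_ff_cookies_set'])) return;

        $user_id = $this->_forum_user_id($user['login']);
        if (!$user_id) return;

        $hash = $this->ses_make_sysid();       // hex digest
        $s_cookie = $this->_new_session_id();  // hex digest

        $this->query("DELETE FROM [db]ses
            WHERE sys_id='$hash' OR user_id='$user_id'");
        $this->query("INSERT INTO [db]ses
            (ses_id, sys_id, user_id, time_sec)
            VALUES
            ('$s_cookie', '$hash', '$user_id', UNIX_TIMESTAMP(NOW()))
            ");
        // NOTE(review): the cookie is sent without the Secure/HttpOnly flags;
        // confirm what the forum expects before adding them.
        setcookie("fud_session", $s_cookie, 0, '/');

        // session_register() no longer exists from PHP 5.4 on.
        if (function_exists('session_register')) {
            session_register('_amember_ff_cookies_set');
        }
        $GLOBALS['_amember_ff_cookies_set'] = 1;
        $_SESSION['_amember_ff_cookies_set'] = 1;
    }

    /**
     * Ends the forum session named by the fud_session cookie when the aMember
     * session was linked to the forum in either direction.
     */
    function after_logout()
    {
        global $db;
        if (empty($_SESSION['_amember_logged_from_ff'])
            && empty($_SESSION['_amember_ff_cookies_set'])) {
            return;
        }
        if (empty($_COOKIE['fud_session']) || !is_string($_COOKIE['fud_session'])) return;

        $sid = $db->escape($_COOKIE['fud_session']);
        $this->query("DELETE FROM [db]ses
            WHERE ses_id='$sid'");
    }

    /**
     * Checks whether the visitor already holds a forum session that belongs
     * to an aMember member with the same password.
     *
     * @return array array($login, $pass) of the matching aMember member, or
     *               two empty strings
     */
    function check_logged_in()
    {
        global $db;
        $none = array('', '');

        if (empty($_COOKIE['fud_session']) || !is_string($_COOKIE['fud_session'])) return $none;
        $sid = $db->escape($_COOKIE['fud_session']);

        $bb_user_id = intval($this->query_one("SELECT user_id FROM [db]ses WHERE ses_id='$sid'"));
        if ($bb_user_id <= 0) return $none;

        $bb_user = $this->query_first("SELECT * FROM [db]users WHERE id='$bb_user_id'");
        // An empty stored hash must never be compared against am.pass.
        if (empty($bb_user['login']) || empty($bb_user['passwd'])) return $none;

        // Values read from the forum tables are user-influenced data and are
        // escaped before they enter the aMember query (the original
        // interpolated them raw).
        $login  = $db->escape($bb_user['login']);
        $passwd = $db->escape($bb_user['passwd']);

        // The two unsalted forms are the ones the original accepted. The
        // salted form is what subscription_added() writes; without it an
        // account created by this plugin can never match.
        $checks = array("MD5(am.pass) = '$passwd'", "am.pass = '$passwd'");
        if (!empty($bb_user['salt'])) {
            $salt = $db->escape($bb_user['salt']);
            array_unshift($checks, "SHA1(CONCAT('$salt', SHA1(am.pass))) = '$passwd'");
        }

        // Members are matched on the forum "login" column, where this plugin
        // stores the aMember login; the original matched on "name", which
        // holds the first and last name.
        $q = $db->query("SELECT
            (" . implode(' OR ', $checks) . "), am.login, am.pass
            FROM " . $db->config['prefix'] . "members am
            where am.login = '$login'");
        $row = $q ? mysql_fetch_row($q) : false;
        if (!$row || !$row[0]) return $none;

        $_SESSION['_amember_logged_from_ff'] = 1;
        return array($row[1], $row[2]);
    }

    /** Adds the database settings of this plugin to the given config page. */
    function add_config_items($notebook_page)
    {
        $pn = $this->get_plugin_name();
        parent::add_db_config_items($pn, $notebook_page);
    }

    /**
     * Initialises the plugin and registers the per-product group select
     * field named "<plugin name>_access".
     */
    function init()
    {
        $pn = $this->get_plugin_name();
        parent::init();
        add_product_field("{$pn}_access",
            'FudForum access', 'select', "users ordered this product will<br />
belong to the following group in FudForum", '',
            array('options' => $this->get_groups())
        );
    }

    /**
     * Checks that the forum users table can be read through the given
     * connection.
     *
     * NOTE(review): $db_prefix is an identifier and is placed into the
     * statement as is; it comes from the plugin settings, so it must only
     * ever be set by a trusted administrator.
     *
     * @return string|null error message (also written to the aMember error
     *                     log), or null when the table is readable
     */
    function check_db_prefix($mysql_connection_id, $db_prefix)
    {
        global $db;
        $error = '';
        if (mysql_query("SELECT * FROM {$db_prefix}users LIMIT 1", $mysql_connection_id)) {
            if (preg_match("/SELECT command denied to user[:]? '(.+?)[']?@.+' for table '(.+?)'/i", @mysql_error($mysql_connection_id), $regs)) {
                $db_name = preg_replace('/\..+$/', '', $db_prefix);
                $error = "Error: ". @mysql_error($mysql_connection_id) . ".<br />Please go to webhosting control panel -> MySQL database section <br />and allow access(add user to database) for user [$regs[1]] to database [$db_name].";
            } elseif (@mysql_errno($mysql_connection_id)) {
                $error = "DB - [$db_prefix] - incorrect value. Error: " . @mysql_error($mysql_connection_id);
            }
        } else {
            $error = "DB - [$db_prefix] - incorrect value. Error: " . @mysql_error($mysql_connection_id);
        }
        if ($error) {
            $db->log_error(ucfirst($this->get_plugin_name())." plugin error: ".$error);
            return $error;
        }
        return;
    }

    /**
     * Validates the plugin's database settings.
     *
     * When db, host, user and pass are all set, a separate connection is
     * opened with them; otherwise aMember's own connection is used.
     *
     * @param array $config keys db, host, user, pass
     * @return string|null error message, or null when the settings work
     */
    function check_db_settings($config)
    {
        $db_value = isset($config['db']) ? $config['db'] : '';
        if ($db_value && !empty($config['host']) && !empty($config['user']) && !empty($config['pass'])) {
            // "@" keeps the connection warning, which names host and user,
            // out of the page; the error is reported through the return value.
            $conn_id = @mysql_connect($config['host'], $config['user'], $config['pass'], 1);
            if (!$conn_id) {
                $__pass = $config['pass'] ? "YES" : "NO";
                // The original message carried stray "[email]" markup.
                return "Access denied for user '$config[user]'@'$config[host]' (using password: $__pass)";
            }
            // The part before the first dot is the database name.
            $parts = explode('.', $db_value);
            $__db = $parts[0];
            if (!@mysql_select_db($__db, $conn_id)) {
                return @mysql_error($conn_id);
            }
        } else {
            $conn_id = $GLOBALS['db']->conn;
        }
        return $this->check_db_prefix($conn_id, $db_value);
    }

    /** Same check as check_db_settings(), fed from a raw setup form array. */
    function check_db_settings_for_setup($some, $config)
    {
        return $this->check_db_settings($this->__post_config($config));
    }

    /**
     * Extracts this plugin's database settings from a flat form array whose
     * keys are "protect_<plugin name>_db|host|user|pass".
     *
     * @return array keys db, host, user, pass; null for missing entries
     */
    function __post_config($config)
    {
        $p = "protect";
        $n = $this->get_plugin_name();
        $out = array();
        foreach (array('db', 'host', 'user', 'pass') as $key) {
            $field = "{$p}_{$n}_{$key}";
            $out[$key] = isset($config[$field]) ? $config[$field] : null;
        }
        return $out;
    }
}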
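global $protect_fudforum;
global $plugin_error;

$protect_fudforum = instantiate_plugin("protect", "fudforum");

// While the settings form for this plugin is being saved, validate the
// submitted values instead of the stored ones.
// NOTE(review): this opens a database connection with host/user/password taken
// from $_POST. No authorisation check is visible in this file -- confirm that
// the plugin is only loaded after the administrator has been authenticated.
if (!empty($_POST['save']) && isset($_POST['notebook']) && $_POST['notebook'] == "fudforum") {
    $subconf = $protect_fudforum->__post_config($_POST);
} else {
    $subconf = isset($config['protect']['fudforum']) ? $config['protect']['fudforum'] : null;
}

// The plugin is only initialised when its database settings pass the check.
$plugin_error['fudforum'] = $protect_fudforum->check_db_settings($subconf);
if (!$plugin_error['fudforum']) {
    $protect_fudforum->init();
}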
?>