UserSpice 5.8.1 release

tocsindata · Jan 26, 2025 · 5cc949d · 5cc949d
2 parents 513f043 + 90f941b
commit 5cc949d
Show file tree

Hide file tree

Showing 4 changed files with 98 additions and 4 deletions.
diff --git a/users/admin.php b/users/admin.php
@@ -17,11 +17,12 @@
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-ini_set('max_execution_time', 1356);
-ini_set('memory_limit', '1024M');
+
 ?>
 <?php
+ini_set('allow_url_fopen', 1);
 require_once '../users/init.php';
+
 $view = Input::get('view');
 
 //note that the dashboard widget cards are in either users/modules/widgets.php or usersc/modules/widgets.php and are called from a view, which explains why they are not included in the list below. 
@@ -40,10 +41,12 @@
   "footer", //footer and plugin footers
   "dashboard_js", //ajax calls and general dashboard javascript
 ];
+
 foreach($modules as $m){
   if(file_exists($abs_us_root . $us_url_root . "usersc/modules/".$m.".php")){
     require_once $abs_us_root . $us_url_root . "usersc/modules/".$m.".php";
   }else{
     require_once $abs_us_root . $us_url_root . "users/modules/".$m.".php";
   }
 }
+
diff --git a/users/forgot_password_reset.php b/users/forgot_password_reset.php
@@ -46,6 +46,7 @@
 
 	//display the reset form.
 	$email = Input::get('email');
+	$email = str_replace(" ","+",$email);
 	$vericode = Input::get('vericode');
 	$ruser = new User($email);
 	$eventhooks =  getMyHooks(['page' => 'forgotPasswordResponse']);
@@ -73,7 +74,7 @@
 		));
 
 		if ($pw_settings->meter_active == 1 && $pw_settings->enforce_rules == 1) {
-			$doubleCheckPassword = userSpicePasswordStrength($newPw);
+			$doubleCheckPassword = userSpicePasswordStrength(Input::get('password'));
 			if ($doubleCheckPassword['isValid'] == false) {
 				//inject error before processing
 				$validation->addError([lang("JOIN_INVALID_PW"), 'password']);

diff --git a/users/includes/user_spice_ver.php b/users/includes/user_spice_ver.php
@@ -1,2 +1,6 @@
 <?php
-$user_spice_ver = '5.8.1';
+<<<<<<< HEAD
+$user_spice_ver = '5.8.1';
+=======
+$user_spice_ver = '5.7.9';
+>>>>>>> 90f941b608df41f6d3ec1c692be06a35c5603ab7
diff --git a/users/init.example.php b/users/init.example.php
@@ -0,0 +1,86 @@
+<?php
+die("Please edit the users/init.php with your database credentials.  You should also update the cookie and session names to something unique.  After that, you can delete the die statement at the top of the file and your site should work as expected.");
+
+//turns file based active loggin on or off. If set to true, it will log every page a user visits 
+//with some exceptions defined in usersc\includes\active_logging_custom.php
+define('USERSPICE_ACTIVE_LOGGING', false);
+
+require_once 'classes/class.autoloader.php';
+session_start();
+
+// disables the feature that prevents the updater from installing languages you didn't have before the update
+// $disable_language_purge = true;
+
+
+$abs_us_root=$_SERVER['DOCUMENT_ROOT'];
+
+$self_path=explode("/", $_SERVER['PHP_SELF']);
+$self_path_length=count($self_path);
+$file_found=FALSE;
+
+for($i = 1; $i < $self_path_length; $i++){
+	array_splice($self_path, $self_path_length-$i, $i);
+	$us_url_root=implode("/",$self_path)."/";
+
+	if (file_exists($abs_us_root.$us_url_root.'z_us_root.php')){
+		$file_found=TRUE;
+		break;
+	}else{
+		$file_found=FALSE;
+	}
+}
+
+require_once $abs_us_root.$us_url_root.'users/helpers/helpers.php';
+
+// Set config
+$GLOBALS['config'] = array(
+	'mysql'      => array(
+'host'         => 'localhost',
+'username'     => 'root',
+'password'     => '',
+'db'           => '5',
+),
+'remember'        => array(
+  'cookie_name'   => 'pmqesoxiw318374csb',
+  'cookie_expiry' => 604800  //One week, feel free to make it longer
+),
+'session' => array(
+  'session_name' => 'user',
+  'token_name' => 'token',
+)
+);
+
+//If you changed your UserSpice or UserCake database prefix
+//put it here.
+$db_table_prefix = "uc_";  //Old database prefix
+
+//adding more ids to this array allows people to access everything, whether offline or not. Use caution.
+$master_account = [1];
+
+$currentPage = currentPage();
+
+//Check to see if user has a remember me cookie
+if(Cookie::exists(Config::get('remember/cookie_name')) && !Session::exists(Config::get('session/session_name'))){
+	$hash = Cookie::get(Config::get('remember/cookie_name'));
+	$hashCheck = DB::getInstance()->query("SELECT * FROM users_session WHERE hash = ? AND uagent = ?",array($hash,Session::uagent_no_version()));
+
+	if ($hashCheck->count()) {
+		$user = new User($hashCheck->first()->user_id);
+		$user->login();
+
+	}
+}
+
+//Check to see that user is logged in on a temporary password
+$user = new User();
+
+//Check to see that user is verified
+if($user->isLoggedIn()){
+	if($user->data()->email_verified == 0 && $currentPage != 'verify.php' && $currentPage != 'logout.php' && $currentPage != 'verify_thankyou.php'){
+		Redirect::to($us_url_root.'users/verify.php');
+	}
+}
+$timezone_string = 'America/New_York';
+date_default_timezone_set($timezone_string);
+
+require_once $abs_us_root.$us_url_root."users/includes/loader.php";