STK Not Generating Password!

JackMorgan · Post by **JackMorgan** » Tue Jun 29, 2010 8:58 pm

Whilst trying to fix the cookie/session problem i locked myself out of the board with an error saying I can't log in without a password. After some research I found out that the STK could get me into my board so i installed in correctly but when i click to generate a new pass it doesnt redirect me it just puts me back on the same page, but its meant to ask me to download a file.

Any help would be greatly appreciated.

Jack

Erik Frèrejean · Post by **Erik Frèrejean** » Tue Jun 29, 2010 9:35 pm

Download the file and upload it into the stk/ directory on the server, than reload the support toolkit (as explained on that page). The STK doesn't write the file itself as that would give everyone the ability to login to the toolkit

JackMorgan · Post by **JackMorgan** » Wed Jun 30, 2010 6:48 am

Sorry, maybe i didn't explain it clearly it doesn't ask me to download a new file or anything i click generate and nothing happens, from the screen shots i am led to believe that it redirects you to a page where you download the the file. i understand the part when you upload it etc.

Jack

Erik Frèrejean · Post by **Erik Frèrejean** » Wed Jun 30, 2010 7:33 am

You don't have a download button?

JackMorgan · Post by **JackMorgan** » Wed Jun 30, 2010 2:43 pm

No i Dont, I click on the button shown in the picture and it loads but loads the same page, redirecting me to the same page.

Image: http://i515.photobucket.com/albums/t355 ... shot-1.png

FYI. I cant write with a brush

P.S: I would use the image tag but it didnt show the full picture.

Jack

Erik Frèrejean · Post by **Erik Frèrejean** » Wed Jun 30, 2010 2:48 pm

Please provide a link to your STK install, if you don't want to post the link here you may send it in a pm to me.

Erik Frèrejean · Post by **Erik Frèrejean** » Wed Jun 30, 2010 2:51 pm

The page looks correct.
Please post (inside code tags!) your stk/index.php and stk/includes/functions.php

JackMorgan · Post by **JackMorgan** » Wed Jun 30, 2010 2:55 pm

stk/index.php

Code: Select all

<?php
/**
*
* @package Support Toolkit
* @version $Id: index.php 449 2010-06-22 02:28:52Z phil $
* @copyright (c) 2009 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/

// What version are we using?
define('STK_VERSION', '1.0.1-pl1');
//define('STK_QA', false);

define('IN_PHPBB', true);
define('ADMIN_START', true);

// This seems like a rather nasty thing to do, but the only places this IN_LOGIN is checked is in session.php when creating a session
// Reason for having it is that it allows us in the STK if we can not login and the board is disabled.
define('IN_LOGIN', true);

if (!defined('PHPBB_ROOT_PATH')) { define('PHPBB_ROOT_PATH', './../'); }
if (!defined('PHP_EXT')) { define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1)); }
if (!defined('STK_ROOT_PATH')) { define('STK_ROOT_PATH', './'); }
if (!defined('STK_INDEX')) { define('STK_INDEX', STK_ROOT_PATH . 'index.' . PHP_EXT); }

// Make that phpBB itself understands out paths
$phpbb_root_path = PHPBB_ROOT_PATH;
$phpEx = PHP_EXT;

// Init our critical repair class
include(STK_ROOT_PATH . 'includes/critical_repair.' . PHP_EXT);
$critical_repair = new critical_repair;

// We run this tool manually to ensure it is called first
$critical_repair->run_tool('bom_sniffer');
$critical_repair->run_tool('config_repair');

require(PHPBB_ROOT_PATH . 'common.' . PHP_EXT);
require(STK_ROOT_PATH . 'includes/functions.' . PHP_EXT);
require(STK_ROOT_PATH . 'includes/plugin.' . PHP_EXT);
// We test for UMIL twice. First look whether this user already has an UMIL installation in its default location.
if (file_exists(PHPBB_ROOT_PATH . 'umil/umil.' . PHP_EXT))
{
	require PHPBB_ROOT_PATH . 'umil/umil.' . PHP_EXT;
}
else
{
	require STK_ROOT_PATH . 'includes/umil.' . PHP_EXT;
}

// Overwrite the phpBB error handler
set_error_handler('stk_msg_handler');

// Start session management
$user->session_begin();
$auth->acl($user->data);

// Make sure that umil is always usable
$umil = new umil(true);

// We'll run the rest of the critical repair tools automatically now
$critical_repair->autorun_tools();

// Setup the user
$user->setup('acp/common', $config['default_style']);

// Language path.  We are using a custom language path to keep all the files within the stk/ folder.  First check if the $user->data['user_lang'] path exists, if not, check if the default lang path exists, and if still not use english.
stk_add_lang('common');

// Do not use the normal template path (to prevent issues with boards using alternate styles)
$template->set_custom_template(STK_ROOT_PATH . 'style', 'stk');

// Work around for a bug in phpBB3.
$user->theme['template_storedb'] = false;

// Setup some variables
$action = request_var('action', '');
$submit = request_var('submit', false);

// Perform some quick tasks here that don't require any authentication!
perform_unauthed_quick_tasks($action);

/*
* Start Login
*/
$stk_passwd = $stk_passwd_expiration = FALSE;
// See whether we have an emergency login file
if (file_exists(STK_ROOT_PATH . 'passwd.' . PHP_EXT) && $user->data['user_type'] != USER_FOUNDER)
{
	// Include the file
	include(STK_ROOT_PATH . 'passwd.' . PHP_EXT);

	// Can we use trust this password
	if ($stk_passwd_expiration === false || time() > $stk_passwd_expiration)
	{
		// No. Unset the password and try to remove the file
		unset($stk_passwd);
		perform_authed_quick_tasks('delpasswdfile');
	}
}

// Do the actual login.
if ($stk_passwd !== false)
{
	// We need to reset the session_id here.
	// If an incorrect session_id is in the user's cookies (with the correct sid in the URL) we will keep failing the check_form_key and we can not login to fix the cookie problem otherwise!
	$user->session_id = '';

	// Set some vars
	$cookie_token	= request_var('stk_token', '', true, true);
	$err_msg		= '';
	$login_token	= request_var('stk_pass', '', true);
	$stk_session	= false;

	// One foot in the air for an active session
	if (!empty($cookie_token))
	{
		if (phpbb_check_hash($stk_passwd, $cookie_token))
		{
			$stk_session = true;
			unset($stk_passwd, $login_token);
		}
	}

	// No active session?
	if (!$stk_session)
	{
		// We're trying to login
		if (isset($_POST['login']))
		{
			if ($cache->get('_stk_last_login') !== false)
			{
				// Make sure that we do not have an stk_last_login cache file (expires after 3 seconds).  To prevent a bruteforce attack
				$err_msg = 'STK_LOGIN_WAIT';
			}
			else if (!check_form_key('stk_login_form'))
			{
				$err_msg = 'FORM_INVALID';
			}
			else
			{
				// Create a hash of the given token to compare the password
				$login_token_hash = phpbb_hash($login_token);

				if (phpbb_check_hash($stk_passwd, $login_token_hash))
				{
					$stk_session = true;

					// Create a session cookie to keep the user logged in
					setcookie('stk_token', $login_token_hash, 0);
				}
				else
				{
					// Store a cache file letting us know when the last login failure attempt was
					$cache->put('_stk_last_login', true, 3);

					$err_msg = 'INCORRECT_PASSWORD';
				}
			}
		}

		// Past this point we don't want the passwords anymore
		unset($stk_passwd, $login_token);

		// Still no session. Make the user happy and show him something to work with
		if (!$stk_session)
		{
			add_form_key('stk_login_form');

			$template->assign_vars(array(
				// Password field related
				'TITLE'			=> $user->lang['SUPPORT_TOOL_KIT_PASSWORD'],
				'TITLE_EXPLAIN'	=> $user->lang['SUPPORT_TOOL_KIT_PASSWORD_EXPLAIN'],

				// Other page stuff
				'LOGIN_ERROR'			=> (!empty($err_msg)) ? $user->lang[$err_msg] : false,

				'U_ACTION'				=> append_sid(STK_INDEX, false, true, $user->session_id),
				'U_INDEX'				=> append_sid(PHPBB_ROOT_PATH . 'index.' . PHP_EXT),

				// Identify this method in the template
				'S_STK_LOGIN_METHOD'	=> true,
			));

			page_header($user->lang['LOGIN'], false);

			$template->set_filenames(array(
				'body' => 'login_body.html',
			));

			page_footer(false);
		}
	}

	// Tell the template engine we're logged through this
	$template->assign_vars(array(
		'S_STK_LOGIN'			=> true,
		'STK_LOGIN_DISABLE_MSG'	=> sprintf($user->lang['USING_STK_LOGIN'], append_sid(STK_INDEX, array('action' => 'delpasswdfile'))),
	));

	// Don't use "Anonymous" as username
	$user->data['username'] = $user->lang['EMERGENCY_LOGIN_NAME'];
}
// phpBB authentication. Only allow founders to pass!
else
{
	if (!$user->data['is_registered'])
	{
		$user->add_lang('ucp');

		// Assign a string only used here
		$template->assign_var('GEN_PASS_FILE_EXPLAIN', sprintf($user->lang['GEN_PASS_FILE_EXPLAIN'], append_sid(STK_INDEX, array('action' => 'genpasswdfile'))));

		// A user can potentially access this file directly
		login_box('', $user->lang['STK_NON_LOGIN'], '', false, false);
	}

	// This requires that the user is logged in as an administrator (like how the ACP requires two logins)
	if (!isset($user->data['session_admin']) || !$user->data['session_admin'])
	{
		// Proceed to ACP is misleading
		$user->lang['PROCEED_TO_ACP'] = $user->lang['PROCEED_TO_STK'];

		login_box('', $user->lang['STK_FOUNDER_ONLY'], $user->lang['LOGIN_STK_SUCCESS'], true, false);
	}

	// Only Board Founders may use the STK
	if ($user->data['user_type'] != USER_FOUNDER)
	{
		trigger_error('BOARD_FOUNDER_ONLY');
	}
}
/*
* End Login
*/

// Before we continue check whether this is the latest version of the STK, if not. Block access.
stk_version_check();

// From this point we'll be able to use the full STK layout
$template->assign_var('S_STK_FULL_BODY', true);

// Perform some quick tasks here that require the user to be authenticated
perform_authed_quick_tasks($action);

// If they canceled redirect them to the STK index.
if (isset($_POST['cancel']))
{
	redirect(append_sid(STK_INDEX, false, true, $user->session_id));
}

// Setup the plugin manager
$plugin = new plugin();

// Output common stuff
$template->assign_vars(array(
	'U_ACTION'		=> append_sid(STK_INDEX, $plugin->url_arg(), true, $user->session_id),
	'U_ADM_INDEX'	=> append_sid(PHPBB_ROOT_PATH . 'adm/index.' . PHP_EXT, false, true, $user->session_id),
	'U_ADM_LOGOUT'	=> append_sid(PHPBB_ROOT_PATH . 'adm/index.' . PHP_EXT, 'action=admlogout', true, $user->session_id),
	'U_STK_INDEX'	=> append_sid(STK_INDEX, false, true, $user->session_id),
	'U_STK_LOGOUT'	=> append_sid(STK_INDEX, 'action=stklogout', true, $user->session_id),
	'U_BACK_TOOL'	=> ($plugin->get_part('t')) ? append_sid(STK_INDEX, $plugin->url_arg(), true, $user->session_id) : false,
	'U_INDEX'		=> append_sid(PHPBB_ROOT_PATH . 'index.' . PHP_EXT),
	'U_LOGOUT'		=> append_sid(PHPBB_ROOT_PATH . 'ucp.' . PHP_EXT, 'mode=logout', true, $user->session_id),

	'USERNAME'		=> $user->data['username'],
));

// Does the user want to run a tool?
if ($plugin->get_part('t'))
{
	// Load the tool
	$tool = $plugin->load_tool($plugin->get_part('c'), $plugin->get_part('t'));

	// Can we use this tool?
	if (method_exists($tool, 'tool_active'))
	{
		if (($msg = $tool->tool_active()) !== true)
		{
			if ($msg === false)
			{
				$msg = $user->lang['TOOL_NOT_AVAILABLE'];
			}
			else
			{
				$msg = isset($user->lang[$msg]) ? $user->lang[$msg] : $msg;
			}

			trigger_error($msg);
		}
	}

	$error = array();
	if ($submit)
	{
		// In run_tool do whatever is required.  If there is an error, put it into the array and the display options will be ran again
		$tool->run_tool($error);
	}

	if (!$submit || !empty($error))
	{
        /*
        * Instead of building a page yourself you may return an array with the options you want to show.  This is outputted similar to how the acp_board is.
        * You may also send back a string if you just want a confirm box shown with that string used for the title
        */
		$options = $tool->display_options();

		if (is_array($options) && isset($options['vars']))
		{
			page_header($user->lang[$options['title']]);

			// Go through each error and see if the key exists in the $user->lang.  If it does, use that.
			if (!empty($error))
			{
				array_walk($error, 'use_lang');
			}

			$template->assign_vars(array(
				'L_TITLE'			=> $user->lang[$options['title']],
				'L_TITLE_EXPLAIN'	=> (isset($user->lang[$options['title'] . '_EXPLAIN'])) ? $user->lang[$options['title'] . '_EXPLAIN'] : '',

				'S_ERROR'			=> (!empty($error)) ? true : false,
				'ERROR_MSG'			=> (!empty($error)) ? implode('<br />', $error) : '',
			));

			foreach ($options['vars'] as $name => $vars)
			{
				if (!is_array($vars) && strpos($name, 'legend') === false)
				{
					continue;
				}

				if (strpos($name, 'legend') !== false)
				{
					$template->assign_block_vars('options', array(
						'S_LEGEND'		=> true,
						'LEGEND'		=> (isset($user->lang[$vars])) ? $user->lang[$vars] : $vars)
					);

					continue;
				}

				$type = explode(':', $vars['type']);

				$l_explain = '';
				if ($vars['explain'] && isset($vars['lang_explain']))
				{
					$l_explain = (isset($user->lang[$vars['lang_explain']])) ? $user->lang[$vars['lang_explain']] : $vars['lang_explain'];
				}
				else if ($vars['explain'])
				{
					$l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : '';
				}

				$content = build_cfg_template($type, $name, $vars);

				if (empty($content))
				{
					continue;
				}

				$template->assign_block_vars('options', array(
					'KEY'			=> $name,
					'TITLE'			=> (isset($user->lang[$vars['lang']])) ? $user->lang[$vars['lang']] : $vars['lang'],
					'S_EXPLAIN'		=> $vars['explain'],
					'TITLE_EXPLAIN'	=> $l_explain,
					'CONTENT'		=> $content['tpl'],

					// Find user link
					'S_FIND_USER'	=> (isset($content['find_user'])) ? true : false,
					'U_FIND_USER'	=> (isset($content['find_user'])) ? append_sid(PHPBB_ROOT_PATH . 'memberlist.' . PHP_EXT, array('mode' => 'searchuser', 'form' => 'select_user', 'field' => 'username', 'select_single' => 'true', 'form' => 'stk', 'field' => $content['find_user_field'])) : '',
				));
			}

			$template->set_filenames(array(
				'body' => 'tool_options.html',
			));

			page_footer();
		}
		else if (is_string($options))
		{
			if (confirm_box(true))
			{
				$tool->run_tool();
			}
			else
			{
				confirm_box(false, $options, '', 'confirm_body.html', 'stk/index.' . PHP_EXT . $plugin->url_arg(true));
			}
		}
		else
		{
			// The page should have been setup by the tool.  We will exit to prevent the redirect from below.
			exit;
		}
	}

	// Should never get here...
	redirect(append_sid(STK_INDEX, false, true, $user->session_id));
}
else
{
	// Output the main page
	page_header($user->lang['SUPPORT_TOOL_KIT']);

	// In de event the request category is empty force it to main.
	if (!$plugin->get_part('c'))
	{
		$plugin->set_part('c', 'main');
	}

	// Category title and desc if available
	$template->assign_vars(array(
		'L_TITLE'			=> $user->lang['CAT_' . strtoupper($plugin->get_part('c'))],
		'L_TITLE_EXPLAIN'	=> isset($user->lang['CAT_' . strtoupper($plugin->get_part('c')) . '_EXPLAIN']) ? $user->lang['CAT_' . strtoupper($plugin->get_part('c')) . '_EXPLAIN'] : '',
	));

	$template->set_filenames(array(
		'body' => 'index_body.html',
	));

	page_footer();
}
?>

stk/includes/functions.php

Code: Select all

<?php
/**
*
* @package Support Toolkit
* @version $Id: functions.php 443 2010-06-22 00:08:22Z phil $
* @copyright (c) 2009 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/

/**
 * @ignore
 */
if (!defined('IN_PHPBB'))
{
	exit;
}

/**
* Build configuration template for acp configuration pages
*
* Slightly modified from adm/index.php
*/
function build_cfg_template($tpl_type, $name, $vars)
{
	global $user;

	$tpl = array();

	// Give the option to not do a request_var here and never do it for password fields.
	if ((!isset($vars['no_request_var']) || !$vars['no_request_var']) && $tpl_type[0] != 'password')
	{
		$default = (isset($vars['default'])) ? request_var($name, $vars['default']) : request_var($name, '');
	}
	else
	{
		$default = (isset($vars['default'])) ? $vars['default'] : '';
	}

	switch ($tpl_type[0])
	{
		case 'text':
			// If requested set some vars so that we later can display the link correct
			if (isset($vars['select_user']) && $vars['select_user'] === true)
			{
				$tpl['find_user']		= true;
				$tpl['find_user_field']	= $name;
			}
		case 'password':
			$size = (int) $tpl_type[1];
			$maxlength = (int) $tpl_type[2];

			$tpl['tpl'] = '<input id="' . $name . '" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '" value="' . $default . '" />';
		break;

		case 'textarea':
			$rows = (int) $tpl_type[1];
			$cols = (int) $tpl_type[2];

			$tpl['tpl'] = '<textarea id="' . $name . '" name="' . $name . '" rows="' . $rows . '" cols="' . $cols . '">' . $default . '</textarea>';
		break;

		case 'radio':
			$name_yes	= ($default) ? ' checked="checked"' : '';
			$name_no	= (!$default) ? ' checked="checked"' : '';

			$tpl_type_cond = explode('_', $tpl_type[1]);
			$type_no = ($tpl_type_cond[0] == 'disabled' || $tpl_type_cond[0] == 'enabled') ? false : true;

			$tpl_no = '<label><input type="radio" name="' . $name . '" value="0"' . $name_no . ' class="radio" /> ' . (($type_no) ? $user->lang['NO'] : $user->lang['DISABLED']) . '</label>';
			$tpl_yes = '<label><input type="radio" id="' . $name . '" name="' . $name . '" value="1"' . $name_yes . ' class="radio" /> ' . (($type_no) ? $user->lang['YES'] : $user->lang['ENABLED']) . '</label>';

			$tpl['tpl'] = ($tpl_type_cond[0] == 'yes' || $tpl_type_cond[0] == 'enabled') ? $tpl_yes . $tpl_no : $tpl_no . $tpl_yes;
		break;

		case 'checkbox':
			$checked	= ($default) ? ' checked="checked"' : '';

			$tpl['tpl'] = '<input type="checkbox" id="' . $name . '" name="' . $name . '"' . $checked . ' />';
		break;

		case 'select':
		case 'select_multiple' :
		case 'custom':

			$return = '';

			if (isset($vars['function']))
			{
				$call = $vars['function'];
			}
			else
			{
				break;
			}

			if (isset($vars['params']))
			{
				$args = array();
				foreach ($vars['params'] as $value)
				{
					switch ($value)
					{
						case '{CONFIG_VALUE}':
							$value = $default;
						break;

						case '{KEY}':
							$value = $name;
						break;
					}

					$args[] = $value;
				}
			}
			else
			{
				$args = array($default, $name);
			}

			$return = call_user_func_array($call, $args);

			if ($tpl_type[0] == 'select')
			{
				$tpl['tpl'] = '<select id="' . $name . '" name="' . $name . '">' . $return . '</select>';
			}
			else if ($tpl_type[0] == 'select_multiple')
			{
				$tpl['tpl'] = '<select id="' . $name . '" name="' . $name . '[]" multiple="multiple">' . $return . '</select>';
			}
			else
			{
				$tpl['tpl'] = $return;
			}

		break;

		default:
		break;
	}

	if (isset($vars['append']))
	{
		$tpl['tpl'] .= $vars['append'];
	}

	return $tpl;
}

/**
* Use Lang
*
* A function for checking if a language key exists and changing the inputted var to the language value if it does.
* Build for the array_walk used on $error
*/
function use_lang(&$lang_key)
{
	global $user;

	$lang_key = user_lang($lang_key);
}

/**
* A wrapper function for the phpBB $user->lang() call. This method was introduced
* in phpBB 3.0.3. In all versions ≥ 3.0.3 this function will simply call the method
* for the other versions this method will imitate the method as seen in 3.0.3.
*
* More advanced language substitution
* Function to mimic sprintf() with the possibility of using phpBB's language system to substitute nullar/singular/plural forms.
* Params are the language key and the parameters to be substituted.
* This function/functionality is inspired by SHS` and Ashe.
*
* Example call: <samp>$user->lang('NUM_POSTS_IN_QUEUE', 1);</samp>
*/
function user_lang()
{
	global $user;

	$args = func_get_args();

	if (method_exists($user, 'lang'))
	{
		return $user->lang($args[0]);
	}
	else
	{
		$key = $args[0];

		// Return if language string does not exist
		if (!isset($user->lang[$key]) || (!is_string($user->lang[$key]) && !is_array($user->lang[$key])))
		{
			return $key;
		}

		// If the language entry is a string, we simply mimic sprintf() behaviour
		if (is_string($user->lang[$key]))
		{
			if (sizeof($args) == 1)
			{
				return $user->lang[$key];
			}

			// Replace key with language entry and simply pass along...
			$args[0] = $user->lang[$key];
			return call_user_func_array('sprintf', $args);
		}

		// It is an array... now handle different nullar/singular/plural forms
		$key_found = false;

		// We now get the first number passed and will select the key based upon this number
		for ($i = 1, $num_args = sizeof($args); $i < $num_args; $i++)
		{
			if (is_int($args[$i]))
			{
				$numbers = array_keys($user->lang[$key]);

				foreach ($numbers as $num)
				{
					if ($num > $args[$i])
					{
						break;
					}

					$key_found = $num;
				}
			}
		}

		// Ok, let's check if the key was found, else use the last entry (because it is mostly the plural form)
		if ($key_found === false)
		{
			$numbers = array_keys($user->lang[$key]);
			$key_found = end($numbers);
		}

		// Use the language string we determined and pass it to sprintf()
		$args[0] = $user->lang[$key][$key_found];
		return call_user_func_array('sprintf', $args);
	}
}

/**
* Stk add lang
*
* A wrapper for the $user->add_lang method that will use the custom language path that is used
* in this tool kit.
* The function shall first try to include the file in the users language, if that fails it will
* take the boards default language, if that also fails it will fall back to English
*
* @param	String	$lang_file	the name of the language file
*/
function stk_add_lang($lang_file)
{
	global $config, $user;

	// Internally cache some data
	static $lang_data	= array();
	static $lang_dirs	= array();
	static $is_302		= null;

	// Store current phpBB data
	if (empty($lang_data))
	{
		$lang_data = array(
			'lang_path'	=> $user->lang_path,
			'lang_name'	=> $user->lang_name,
		);
	}

	// Empty the lang_name
	$user->lang_name = '';

	// Find out what languages we could use
	if (empty($lang_dirs))
	{
		$lang_dirs = array(
			$user->data['user_lang'],			// User default
			basename($config['default_lang']),	// Board default
			'en',								// System default
		);

		// Only unique dirs
		$lang_dirs = array_unique($lang_dirs);
	}

	// Which phpBB version is the user using
	if (is_null($is_302))
	{
		// There are different ways of handling language paths due to the changes
		// made in phpBB 3.0.3 (set custom lang path)
		if (version_compare($config['version'], '3.0.2', '<='))
		{
			$is_302 = true;
		}
		else
		{
			$is_302 = false;
		}
	}

	// Switch to the STK language dir
	$user->lang_path = STK_ROOT_PATH . 'language/';

	// Test all languages
	foreach ($lang_dirs as $dir)
	{
		if (file_exists($user->lang_path . $dir . "/{$lang_file}." . PHP_EXT))
		{
			$user->lang_name = $dir;
			break;
		}
	}

	// No language file :/
	if (empty($user->lang_name))
	{
		trigger_error("Language file: {$lang_file}." . PHP_EXT . ' missing!', E_USER_ERROR);
	}

	// In phpBB <= 3.0.2 the lang_name is stored in the lang_path
	if ($is_302)
	{
		$user->lang_path .= $user->lang_name . '/';
	}

	// Add the file
	$user->add_lang($lang_file);

	// Now reset the paths so phpBB can continue to operate as usual
	$user->lang_path = $lang_data['lang_path'];
	$user->lang_name = $lang_data['lang_name'];
}

/**
 * Perform all quick tasks that has to be ran before we authenticate
 *
 * @param	String	$action	The action to perform
 */
function perform_unauthed_quick_tasks($action)
{
	global $template, $user;

	switch ($action)
	{
		// If the user wants to destroy their STK login cookie
		case 'stklogout' :
			setcookie('stk_token', '', (time() - 31536000));
			meta_refresh(3, append_sid(PHPBB_ROOT_PATH . 'index.' . PHP_EXT));
			trigger_error('STK_LOGOUT_SUCCESS');
		break;

		// Generate the passwd file
		case 'genpasswdfile' :
			// Create a 25 character alphanumeric password (easier to select with a browser and won't cause confusion like it could if it ends in "." or something).
			$_pass_string = substr(preg_replace(array('#([^a-zA-Z0-9])#', '#0#', '#O#'), array('', 'Z', 'Y'), phpbb_hash(unique_id())), 2, 25);

			// The password is usable for 6 hours from now
			$_pass_exprire = time() + 21600;

			// Print a message and tell the user what to do and where to download this page
			page_header($user->lang['GEN_PASS_FILE'], false);

			$template->assign_vars(array(
				'PASS_GENERATED'			=> sprintf($user->lang['PASS_GENERATED'], $_pass_string, $user->format_date($_pass_exprire, false, true)),
				'PASS_GENERATED_REDIRECT'	=> sprintf($user->lang['PASS_GENERATED_REDIRECT'], append_sid(STK_ROOT_PATH . 'index.' . PHP_EXT)),
				'S_HIDDEN_FIELDS'			=> build_hidden_fields(array('pass_string' => $_pass_string, 'pass_exp' => $_pass_exprire)),
				'U_ACTION'					=> append_sid(STK_INDEX, array('action' => 'downpasswdfile')),
			));

			$template->set_filenames(array(
				'body'	=> 'gen_password.html',
			));
			page_footer(false);
		break;

		// Download the passwd file
		case 'downpasswdfile' :
			$_pass_string	= request_var('pass_string', '', true);
			$_pass_exprire	= request_var('pass_exp', 0);

			// Something went wrong, stop execution
			if (!isset($_POST['download_passwd']) || empty($_pass_string) || $_pass_exprire <= 0)
			{
				trigger_error($user->lang['GEN_PASS_FAILED'], E_USER_ERROR);
			}

			// Create the file and let the user download it
			header('Content-Type: text/x-delimtext; name="passwd.' . PHP_EXT . '"');
			header('Content-disposition: attachment; filename=passwd.' . PHP_EXT);

			print ("<?php
/**
* Support Toolkit emergency password.
* The file was generated on: " . $user->format_date($_pass_exprire - 21600, 'd/M/Y H:i.s', true)) . " and will expire on: " . $user->format_date($_pass_exprire, 'd/M/Y H:i.s', true) . ".
*/

// This file can only be from inside the Support Toolkit
if (!defined('IN_PHPBB') || !defined('STK_VERSION'))
{
	exit;
}

\$stk_passwd\t\t\t\t= '{$_pass_string}';
\$stk_passwd_expiration\t= {$_pass_exprire};
?>";
			exit_handler();
		break;
	}
}

/**
 * Perform all quick tasks that require the user to be authenticated
 *
 * @param	String	$action	The action we'll be performing
 */
function perform_authed_quick_tasks($action)
{
	global $user;

	switch ($action)
	{
		// User wants to logout and remove the password file
		case 'delpasswdfilelogout' :
			$logout = true;

			// No Break;

		// If the user wants to distroy the passwd file
		case 'delpasswdfile' :
			if (file_exists(STK_ROOT_PATH . 'passwd.' . PHP_EXT) && false === @unlink(STK_ROOT_PATH . 'passwd.' . PHP_EXT))
			{
				// Shouldn't happen. Kill the script
				trigger_error($user->lang['FAIL_REMOVE_PASSWD'], E_USER_ERROR);
			}

			// Log him out
			if ($logout)
			{
				perform_unauthed_quick_tasks('stklogout');
			}
		break;
	}
}

/**
 * Check the STK version. If out of date
 * block access to the kit
 * @return unknown_type
 */
function stk_version_check()
{
	global $cache, $template, $umil, $user;

	// We cache the result, check once per session
	$version_check = $cache->get('_stk_version_check');
	if (!$version_check || $version_check['last_check_session'] != $user->session_id || isset($_GET['force_check']))
	{
		// If we have a cache file trash it
		if ($version_check)
		{
			$cache->destroy('_stk_version_check');
		}

		// Lets collect the latest version data. We can use UMIL for this
		$info = $umil->version_check('www.phpbb.com', '/updatecheck', ((defined('STK_QA')) ? 'stk_qa.txt' : 'stk.txt'));

		// Compare it and cache the info
		$version_check = array();
		if (is_array($info) && isset($info[0]) && isset($info[1]))
		{
			if (version_compare(STK_VERSION, $info[0], '<'))
			{
				$version_check = array(
					'outdated'	=> true,
					'latest'	=> $info[0],
					'topic'		=> $info[1],
					'current'	=> STK_VERSION,
				);
			}

			$version_check['last_check_session'] = $user->session_id;

			// We've gotten some version data, cache the result for a hour or until the session id changes
			$cache->put('_stk_version_check', $version_check, 3600);
		}
	}

	// Something went wrong while retrieving the version file, lets inform the user about this, but don't kill the STK
	if (empty($version_check))
	{
		$template->assign_var('S_NO_VERSION_FILE', true);
		return;
	}
	// The STK is outdated, kill it!!!
	else if (isset($version_check['outdated']) && $version_check['outdated'] === true)
	{
		// Need to clear the $user->lang array to prevent the error page from breaking
		$msg = sprintf($user->lang['STK_OUTDATED'], $version_check['latest'], $version_check['current'], $version_check['topic'], append_sid(STK_ROOT_PATH . $user->page['page_name'], $user->page['query_string'] . '&force_check=1'));

		// Trigger
		trigger_error($msg, E_USER_ERROR);
	}
}

/**
* Wrapper function for the default phpBB msg_handler method.
* This function will overwrite the $phpbb_root_path variable
* if $errno == E_USER_ERROR. This way the "return to index"
* link on the error page will point towards the STK index
* instead of the phpBB index
*/
function stk_msg_handler($errno, $msg_text, $errfile, $errline)
{
	// This is nasty :(
	if ($errno == E_USER_ERROR)
	{
		global $phpbb_root_path;

		$phpbb_root_path = STK_ROOT_PATH;
	}

	// Call the phpBB error message handler
	msg_handler($errno, $msg_text, $errfile, $errline);
}

//-- Wrappers for functions that only exist in newer php version
if (!function_exists('array_fill_keys'))
{
	/**
	* Fills an array with the value of the value parameter, using the values of the keys array as keys.
	* @param Array $keys Array of values that will be used as keys. Illegal values for key will be converted to string.
	* @param mixed $value Value to use for filling
	*/
	function array_fill_keys($keys, $value)
	{
		$array = array();

		foreach ($keys as $key)
		{
			$array[$key] = $value;
		}

		return $array;
	}
}

// php.net, laurynas dot butkus at gmail dot com, http://us.php.net/manual/en/function.html-entity-decode.php#75153
function html_entity_decode_utf8($string)
{
	static $trans_tbl;

	// replace numeric entities
	$string = preg_replace('~&#x([0-9a-f]+);~ei', '_code2utf8(hexdec("\\1"))', $string);
	$string = preg_replace('~&#([0-9]+);~e', '_code2utf8(\\1)', $string);

	// replace literal entities
	if (!isset($trans_tbl))
	{
		$trans_tbl = array();

		foreach (get_html_translation_table(HTML_ENTITIES) as $val => $key)
		{
			$trans_tbl[$key] = utf8_encode($val);
		}
	}

	return strtr($string, $trans_tbl);
}

// Returns the utf string corresponding to the unicode value (from php.net, courtesy - romans@void.lv)
function _code2utf8($num)
{
	$return = '';

	if ($num < 128)
	{
		$return = chr($num);
	}
	else if ($num < 2048)
	{
		$return = chr(($num >> 6) + 192) . chr(($num & 63) + 128);
	}
	else if ($num < 65536)
	{
		$return = chr(($num >> 12) + 224) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
	}
	else if ($num < 2097152)
	{
		$return = chr(($num >> 18) + 240) . chr((($num >> 12) & 63) + 128) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
	}

	return $return;
}
?>

Erik Frèrejean · Post by **Erik Frèrejean** » Wed Jun 30, 2010 3:05 pm

Jack,
see the pm I just send you.

Erik Frèrejean · Post by **Erik Frèrejean** » Wed Jun 30, 2010 3:49 pm

Have you installed any MODs lately? It looks like your request_var() function is trashed. If I dump the request data and the content of the action variable:

Code: Select all

echo'<pre>';
var_dump($_REQUEST, request_var('action', ''));exit;

the result is:

Code: Select all

array(2) {
  ["action"]=>
  string(13) "genpasswdfile"
  ["style_cookie"]=>
  string(4) "null"
}
string(0) ""

The first part shows that the link works correctly but the second part string(0) "" tells that the action parameter couldn't be fetched. Also when I look on your board, non of the pages that rely on data from the query string can be opened (forums/registration page/etc).

[edit]
This would also explain your initial issue

JackMorgan · Post by **JackMorgan** » Wed Jun 30, 2010 4:29 pm

Ok i have accesed the STK pannel by tweaking some code, I need to get into the Users/Groups tab to cfhange my original admin account passworf but when i go on that tab a page doesnt load! Please help, this is the last thing, I promise

Jack

Erik Frèrejean · Post by **Erik Frèrejean** » Wed Jun 30, 2010 10:01 pm

Erik Frèrejean wrote:Have you installed any MODs lately? It looks like your request_var() function is trashed. If I dump the request data and the content of the action variable:
Code: Select all
echo'<pre>';
var_dump($_REQUEST, request_var('action', ''));exit; 
the result is:
Code: Select all
array(2) {
  ["action"]=>
  string(13) "genpasswdfile"
  ["style_cookie"]=>
  string(4) "null"
}
string(0) ""
The first part shows that the link works correctly but the second part string(0) "" tells that the action parameter couldn't be fetched. Also when I look on your board, non of the pages that rely on data from the query string can be opened (forums/registration page/etc).

[edit]
This would also explain your initial issue

Your issues appear to be much larger than only the STK don't generating a password. Did you verify whether you can access your forums/etc?

JackMorgan · Post by **JackMorgan** » Thu Jul 01, 2010 6:41 am

I can access the forums and now the register/login page an the STK, i got it to generate a password after using sime fixes i found.

My only issue left is that the users/groups page is not showing in the STK it just loads a white screen. I dont know what to do and thats the only page i need

Jack

ric323 · Post by **ric323** » Thu Jul 01, 2010 7:11 am

What fixes?
You're making it fairly hard to help you by not telling us what you are doing.

JackMorgan · Post by **JackMorgan** » Thu Jul 01, 2010 7:02 pm

ok I used fix revisions : 9728:http://code.phpbb.com/repositories/diff ... p?rev=9728 and 9729: http://code.phpbb.com/repositories/diff ... p?rev=9729

I have fixed all problems mentioned previously after searching the piles of threads on this forum thanks for all help given though!

I only have one remaining problem i can't fix, that being when i press submit (for a post or thread) it submits 2, like when i make a post it submits 2 copys of it or for a thread it makes the thread but makes what i wrote in the thread content a post in the thread. This is all i need help with now.

Jack

advertisements