Beispiel #1
/**
 * Build a 64-character key by drawing one character per position from a
 * fixed alphabet.
 *
 * Every position is chosen through GetRandInt(), which is defined outside
 * this block, so the unpredictability of the key rests entirely on that
 * helper. NOTE(review): confirm it is backed by a CSPRNG before this key is
 * used for authentication.
 *
 * NOTE(review): the index is GetRandInt(n) - 1, which only stays in range if
 * the helper returns 1..n. If it can return 0, the lookup hits index -1, PHP
 * reports an undefined index and nothing is appended, so the key comes out
 * shorter than 64 characters.
 *
 * The alphabet has 89 entries: it omits q, w, Q and W and lists '/', '|' and
 * '`' twice, so those three are twice as likely as any other character. It
 * also contains a space, '<', '>', '&' and '%'; encode the key for the context
 * it is placed in (HTML, URL, cookie) rather than emitting it raw.
 *
 * @return string
 */
function generate_auth_key()
{
    // Same characters, same order and same duplicates as the original list.
    $alphabet = str_split('abcdefghijklmnoprstuvxyzABCDEFGHIJKLMNOPRSTUVXYZ1234567890.,()[]!?&^%@* <>/|+-{}`~#;/|=:`');
    $size = count($alphabet);

    $result = "";
    $remaining = 64;
    while ($remaining-- > 0) {
        $result .= $alphabet[GetRandInt($size) - 1];
    }

    return $result;
}
Beispiel #2
 // Password-recovery excerpt: builds a recovery id for the user held in $row,
 // stores it in the _lostdb table and mails two links that carry it.
 // $row is presumably the user's database row loaded before this excerpt.
 $mail = new dle_mail($config);
 $lostmail = $row['email'];
 $userid = $row['user_id'];
 $lostname = $row['name'];
 $lostpass = $row['password'];
 // From here on $row is reused for the e-mail template; the user fields were copied out above.
 $row = $db->super_query("SELECT template FROM " . PREFIX . "_email where name='lost_mail' LIMIT 0,1");
 $row['template'] = stripslashes($row['template']);
 // Seed material: 15 bytes from OpenSSL when it is usable, otherwise
 // md5(uniqid(mt_rand())). The fallback is built from the clock and a
 // non-cryptographic PRNG, so it must not be relied on for unpredictability.
 // NOTE(review): the return value of openssl_random_pseudo_bytes() is not
 // checked; on older PHP versions it can be false.
 if (function_exists('openssl_random_pseudo_bytes') && (version_compare(PHP_VERSION, '5.3.4') >= 0 || strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) {
     $stronghash = openssl_random_pseudo_bytes(15);
 } else {
     $stronghash = md5(uniqid(mt_rand(), TRUE));
 }
 // 33 fixed characters + 40 hex characters of SHA-1 = 73 characters, so
 // offsets 0..72 exist. str_shuffle() is not a cryptographic shuffle; the
 // stored password value and microtime() are mixed in as extra input only.
 $salt = str_shuffle("abchefghjkmnpqrstuvwxyz0123456789" . sha1($lostpass . $stronghash . microtime()));
 $rand_lost = '';
 // Pick 15 characters of the shuffled string.
 // NOTE(review): GetRandInt() is defined outside this excerpt; the strength of
 // the recovery id depends on it being CSPRNG-backed — confirm.
 for ($i = 0; $i < 15; $i++) {
     $rand_lost .= $salt[GetRandInt(72)];
 }
 // Recovery id: SHA-1 over md5(name . email), the current microtime and the
 // 15 random characters. Only $rand_lost is secret; name, e-mail and the
 // approximate time are known or guessable to whoever requests the reset.
 $lostid = sha1(md5($lostname . $lostmail) . microtime() . $rand_lost);
 // Abort if sha1() did not return a 40-character digest.
 if (strlen($lostid) != 40) {
     die("US Secure Hash Algorithm 1 (SHA1) disabled by Hosting");
 }
 // NOTE(review): the "******" in the next two lines is not valid PHP; it looks
 // like the page's extractor masked part of the expression between the two
 // string literals. The lines are kept exactly as found.
 $lostlink = $config['http_home_url'] . "index.php?do=lostpassword&action=password&douser="******"&lostid=" . $lostid;
 $iplink = $config['http_home_url'] . "index.php?do=lostpassword&action=ip&douser="******"&lostid=" . $lostid;
 $link = $lang['lost_password'] . "\n" . $lostlink . "\n\n" . $lang['lost_ip'] . "\n" . $iplink;
 // Replace any earlier recovery entry for this user with the new id.
 // Both values are interpolated into the SQL text: $userid is $row['user_id']
 // and $lostid is a hex digest. The id is stored as-is (not hashed), so read
 // access to this table yields working recovery links, and this INSERT records
 // no creation time. NOTE(review): confirm the id is expired and deleted after
 // use by the code that handles the link.
 $db->query("DELETE FROM " . USERPREFIX . "_lostdb WHERE lostname='{$userid}'");
 $db->query("INSERT INTO " . USERPREFIX . "_lostdb (lostname, lostid) values ('{$userid}', '{$lostid}')");
 // Fill the template placeholders; {%ip%} is the address of the client that
 // requested the reset, taken from REMOTE_ADDR.
 $row['template'] = str_replace("{%username%}", $lostname, $row['template']);
 $row['template'] = str_replace("{%lostlink%}", $link, $row['template']);
 $row['template'] = str_replace("{%ip%}", $_SERVER['REMOTE_ADDR'], $row['template']);
 $mail->send($lostmail, $lang['lost_subj'], $row['template']);
 if ($mail->send_error) {
Beispiel #3
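/**
 * Create a local account for a user who signed in through a social provider,
 * log them in (cookies and session), optionally import their avatar, then
 * print the confirmation popup and stop the script.
 *
 * All fields of $social_user originate from the provider's response and are
 * treated as untrusted: every one that reaches SQL is escaped with
 * $db->safesql(), and the avatar is only fetched over http or https.
 *
 * Credential scheme as implemented here: a random 11-character string is
 * hashed with md5(); that digest is what the cookie, the session and the
 * _social_login table hold, and the _users table stores md5() of it again.
 * The "dle_password" cookie is therefore a long-lived login credential, and
 * both digests are unsalted MD5. NOTE(review): confirm set_cookie() sets
 * HttpOnly/Secure, and that the session id is regenerated around this login.
 *
 * @param array $social_user Keys read here: nickname, email, name, sid, provider, avatar.
 * @return void Does not return; the function ends with die.
 */
function register_user($social_user)
{
    global $db, $config, $user_group, $popup, $js_popup, $lang;
    $add_time = time();
    // NOTE(review): get_ip() is defined elsewhere and its result is placed in
    // SQL below without escaping here — confirm it returns a validated address.
    $_IP = get_ip();
    // Group ids below 3 are never used for self-registration; fall back to 4.
    if (intval($config['reg_group']) < 3) {
        $config['reg_group'] = 4;
    }
    // Seed material: OpenSSL bytes when usable, otherwise a value derived from
    // the clock and mt_rand(), which is not suitable as a secret on its own.
    if (function_exists('openssl_random_pseudo_bytes') && (version_compare(PHP_VERSION, '5.3.4') >= 0 || strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) {
        $stronghash = openssl_random_pseudo_bytes(15);
    } else {
        $stronghash = md5(uniqid(mt_rand(), TRUE));
    }
    // 33 fixed characters + 40 hex characters = 73, so offsets 0..72 exist.
    $salt = str_shuffle("abchefghjkmnpqrstuvwxyz0123456789" . sha1($stronghash . microtime()));
    $password = '';
    $hash = '';
    // NOTE(review): GetRandInt() is defined elsewhere; the strength of the
    // generated password and hash depends on it being CSPRNG-backed.
    for ($i = 0; $i < 11; $i++) {
        $password .= $salt[GetRandInt(72)];
    }
    $password = md5($password);
    if ($config['log_hash']) {
        for ($i = 0; $i < 9; $i++) {
            $hash .= $salt[GetRandInt(72)];
        }
    }
    $social_user['nickname'] = $db->safesql($social_user['nickname']);
    $social_user['email'] = $db->safesql($social_user['email']);
    $social_user['name'] = $db->safesql($social_user['name']);
    // sid and provider are interpolated into the second INSERT; escape them
    // like the other provider-supplied fields instead of trusting the caller.
    $social_user['sid'] = $db->safesql($social_user['sid']);
    $social_user['provider'] = $db->safesql($social_user['provider']);
    $db->query("INSERT INTO " . USERPREFIX . "_users (name, password, email, reg_date, lastdate, user_group, info, signature, fullname, favorites, xfields, hash, logged_ip) VALUES ('{$social_user['nickname']}', '" . md5($password) . "', '{$social_user['email']}', '{$add_time}', '{$add_time}', '{$config['reg_group']}', '', '', '{$social_user['name']}', '', '', '{$hash}', '{$_IP}')");
    $id = $db->insert_id();
    $db->query("INSERT INTO " . USERPREFIX . "_social_login (sid, uid, password, provider, wait) VALUES ('{$social_user['sid']}', '{$id}', '{$password}', '{$social_user['provider']}', '0')");
    // Log the new user in. The third argument is presumably a lifetime in days.
    set_cookie("dle_user_id", $id, 365);
    set_cookie("dle_password", $password, 365);
    if ($config['log_hash']) {
        set_cookie("dle_hash", $hash, 365);
    }
    $_SESSION['dle_user_id'] = $id;
    $_SESSION['dle_password'] = $password;
    $_SESSION['state'] = 0;
    if (intval($user_group[$config['reg_group']]['max_foto']) > 0 and $social_user['avatar']) {
        // The extension is whatever follows the last dot of the avatar URL.
        $n_array = explode(".", $social_user['avatar']);
        $type = end($n_array);
        $type = totranslit($type);
        $allowed_extensions = array("jpg", "png", "gif");
        // copy() accepts any stream wrapper and plain local paths, so a value
        // without an http(s) scheme could make the server read a local file
        // or use another wrapper. Only remote http/https avatars are fetched.
        // The host itself is not validated here.
        $avatar_scheme = strtolower((string) parse_url($social_user['avatar'], PHP_URL_SCHEME));
        $allowed_schemes = array("http", "https");
        if (in_array($type, $allowed_extensions) and in_array($avatar_scheme, $allowed_schemes, true)) {
            include_once ENGINE_DIR . '/classes/thumb.class.php';
            $original_path = ROOT_DIR . "/uploads/fotos/" . $id . "." . $type;
            // Only the URL's extension has been checked at this point, not the
            // downloaded content. NOTE(review): confirm the thumbnail class
            // rejects data that is not an image.
            if (@copy($social_user['avatar'], $original_path)) {
                // World-writable mode on the temporary download; the file is
                // removed again once the thumbnail has been written.
                @chmod($original_path, 0666);
                $thumb = new thumbnail($original_path);
                $thumb->size_auto($user_group[$config['reg_group']]['max_foto']);
                $thumb->jpeg_quality($config['jpeg_quality']);
                $thumb->save(ROOT_DIR . "/uploads/fotos/foto_" . $id . "." . $type);
                @unlink($original_path);
                $foto_name = "foto_" . $id . "." . $type;
                $db->query("UPDATE " . USERPREFIX . "_users SET foto='{$foto_name}' WHERE user_id='{$id}'");
            }
        }
    }
    echo str_replace("{text}", $lang['social_login_ok'] . $js_popup, $popup);
    die;
}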