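/**
 * Handles the "restore password" form.
 *
 * Verifies the posted username, e-mail and both secret question/answer pairs
 * against the `account` and `mw_account_extend` tables; on a complete match a
 * new random password is generated, its hash stored and the account's session
 * key cleared. Every failure path shows the same generic message so that the
 * form does not reveal which check failed.
 *
 * Reads $_POST (retr_login, retr_email, secretq1, secretq2, secreta1, secreta2)
 * and the globals $lang, $DB and $Account. Output goes through output_message();
 * nothing is returned.
 *
 * All request values are bound through the DB layer's placeholders (`?` string,
 * `?d` integer) instead of being concatenated into the SQL text.
 */
function process()
{
    global $lang, $DB, $Account;

    $required = array('retr_login', 'retr_email', 'secretq1', 'secretq2', 'secreta1', 'secreta2');
    foreach ($required as $field) {
        if (empty($_POST[$field])) {
            output_message('error', $lang['restore_pass_fail'] . '<meta http-equiv=refresh content="3;url=index.php?p=account&sub=restore">');
            echo "<br />";
            return;
        }
    }

    // Assume success; any failed check flips this and the one generic error is shown.
    $ok = TRUE;
    $accountId = null;
    $accountName = null;

    /* Check 1: username is well-formed and exists */
    $username = strip_if_magic_quotes($_POST['retr_login']);
    if (check_for_symbols($username, 1)) {
        $ok = FALSE;
    } else {
        // Single bound lookup (the original probed the table twice with the
        // username spliced into the statement text).
        $row = $DB->selectRow("SELECT * FROM `account` WHERE username=?", $username);
        if (!$row) {
            $ok = FALSE;
        } else {
            $accountId = $row['id'];
            $accountName = $row['username'];
            /* Check 2: e-mail on file must match the posted one. Strict comparison so
               numeric-looking strings are not coerced before comparing. */
            if ((string) $row['email'] !== (string) $_POST['retr_email']) {
                $ok = FALSE;
            }
        }
    }

    /* Check 3: answers may not contain symbols */
    if (check_for_symbols($_POST['secreta1']) || check_for_symbols($_POST['secreta2'])) {
        $ok = FALSE;
    }

    if (!$ok) {
        output_message('error', $lang['restore_pass_fail'] . '<meta http-equiv=refresh content="3;url=index.php?p=account&sub=restore">');
        return;
    }

    // Both question/answer pairs must match the stored ones for this account.
    $match = $DB->selectRow(
        "SELECT account_id FROM `mw_account_extend` WHERE account_id=?d AND secret_q1=? AND secret_q2=? AND secret_a1=? AND secret_a2=?",
        $accountId,
        strip_if_magic_quotes($_POST['secretq1']),
        strip_if_magic_quotes($_POST['secretq2']),
        strip_if_magic_quotes($_POST['secreta1']),
        strip_if_magic_quotes($_POST['secreta2'])
    );

    // Fail closed: anything that is not a row (false, null, empty) counts as "no match".
    if (!$match) {
        output_message('error', $lang['restore_pass_fail'] . '<meta http-equiv=refresh content="3;url=index.php?n=account&sub=restore">');
        return;
    }

    $newPassword = random_string(7);
    $passwordHash = $Account->sha_password($accountName, $newPassword);
    $DB->query("UPDATE `account` SET sha_pass_hash=? WHERE id=?d", $passwordHash, $accountId);
    // Clear the session key so a session still bound to the old password is ended.
    $DB->query("UPDATE `account` SET sessionkey=NULL WHERE id=?d", $accountId);

    // NOTE(review): the tail of this message was redacted in the source; it is
    // reconstructed as the freshly generated password, which this handler shows
    // in the response. Anyone who can see or log this page therefore sees it.
    output_message('success', $lang['restore_pass_success'] . '<br /> New password: ' . $newPassword);
}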
} } } } elseif ($_POST['deleteavatar'] == 1 && preg_match("/\\d+\\.\\w+/i", $_POST['avatarfile'])) { if (@unlink((string) $MW->getConfig->generic->avatar_path . $_POST['avatarfile'])) { $DB->query("UPDATE account_extend SET avatar=NULL WHERE account_id=?d LIMIT 1", $user['id']); } } if (isset($_POST['profile']['g_id'])) { unset($_POST['profile']['g_id']); } $_POST['profile']['signature'] = htmlspecialchars($_POST['profile']['signature']); $DB->query("UPDATE account_extend SET ?a WHERE account_id=?d LIMIT 1", RemoveXSS($_POST['profile']), $user['id']); redirect('index.php?n=account&sub=manage', 1); } elseif ($_GET['action'] == 'changesecretq') { if (check_for_symbols($_POST['secreta1']) == FALSE && check_for_symbols($_POST['secreta2']) == FALSE && $_POST[secretq1] != '0' && $_POST[secretq2] != '0' && isset($_POST[secreta1]) && isset($_POST[secreta2]) && strlen($_POST[secreta1]) > 4 && strlen($_POST[secreta2]) > 4 && $_POST['secreta1'] != $_POST['secreta2'] && $_POST['secretq1'] != $_POST['secretq2']) { $DB->query("UPDATE account_extend SET secretq1=?,secretq2=?,secreta1=?,secreta2=? WHERE account_id=?d", strip_if_magic_quotes($_POST['secretq1']), strip_if_magic_quotes($_POST['secretq2']), strip_if_magic_quotes($_POST['secreta1']), strip_if_magic_quotes($_POST['secreta2']), $user['id']); output_message('notice', '<b>' . $lang['changed_secretq'] . '</b><meta http-equiv=refresh content="4;url=index.php?n=account&sub=manage">'); } else { output_message('alert', '<b>' . $lang['fail_change_secretq'] . '</b><meta http-equiv=refresh content="3;url=index.php?n=account&sub=manage">'); } } elseif ($_GET['action'] == 'resetsecretq') { if ($_POST['reset_secretq']) { $DB->query("UPDATE account_extend SET secretq1='0',secretq2='0',secreta1='0',secreta2='0' WHERE account_id=?d", $user['id']); output_message('notice', '<b>' . $lang['reset_succ_secretq'] . 
'</b><meta http-equiv=refresh content="4;url=index.php?n=account&sub=manage">'); } } elseif ($_GET['action'] == 'change_gameplay') { if ($_POST['switch_wow_type'] == 'wotlk') { $DB->query("UPDATE `account` SET expansion='2' WHERE `id`=?d", $user['id']); output_message('notice', '<b>' . $lang['exp_set'] . '</b><meta http-equiv=refresh content="4;url=index.php?n=account&sub=manage">'); } elseif ($_POST['switch_wow_type'] == 'tbc') {
} else { $d = $DB->selectRow("SELECT * FROM `account` WHERE username=?", $username); $username =& $d['id']; $username_name =& $d['username']; $email =& $d['email']; $posted_email =& $_POST['retr_email']; /*Check 2*/ if ($email != $posted_email) { $return = FALSE; } } } $secreta1 =& $_POST['secreta1']; $secreta2 =& $_POST['secreta2']; /*Check 3*/ if (check_for_symbols($_POST['secreta1']) || check_for_symbols($_POST['secreta2'])) { $return = FALSE; } if ($return == FALSE) { output_message('alert', '<b>' . $lang['fail_restore_pass'] . '</b><meta http-equiv=refresh content="3;url=index.php?n=account&sub=restore">'); } elseif ($return == TRUE) { $we = $DB->selectRow("SELECT account_id FROM `account_extend` WHERE account_id=? AND secretq1=? AND secretq2=? AND secreta1=? AND secreta2=?", $username, strip_if_magic_quotes($_POST['secretq1']), strip_if_magic_quotes($_POST['secretq2']), strip_if_magic_quotes($_POST['secreta1']), strip_if_magic_quotes($_POST['secreta2'])); if ($we == false) { $we = $DB->selectRow("SELECT account_id FROM `account_extend` WHERE account_id=? AND secretq1=? AND secretq2=? AND secreta1=? AND secreta2=?", $username, strip_if_magic_quotes($_POST['secretq2']), strip_if_magic_quotes($_POST['secretq1']), strip_if_magic_quotes($_POST['secreta2']), strip_if_magic_quotes($_POST['secreta1'])); } if ($we == true) { $pas = random_string(7); $c_pas = sha_password($username_name, $pas); $DB->query("UPDATE `account` SET sha_pass_hash=? WHERE id=?d", $c_pas, $username); $DB->query("UPDATE `account` SET sessionkey=NULL WHERE id=?d", $username); output_message('notice', '<b>' . $lang['restore_pass_ok'] . '<br /> New password: '******'</b>');
//Another check if user is logged on. if ($loggedin == '0') { $loggedin = $CHDB->selectCell("SELECT online FROM `characters` WHERE account=?d", $account_id); } //Checks if user has MAX players. $numchars = $DB->selectCell("SELECT numchars FROM realmcharacters WHERE acctid=?d AND realmid=?d", $account_id, $rid); /******** FORM CHECKS ********/ if ($class == false) { } elseif ($faction == false) { } elseif ($classexists == true) { output_message('alert', '<b>' . $lang['charcreate_nameinuse'] . '<br/>' . $lang['redirecting_wait'] . '</b><meta http-equiv=refresh content="3;url=index.php?n=account&sub=charcreate">'); } elseif ($name == false) { output_message('alert', '<b>' . $lang['charcreate_invalidname'] . '<br/>' . $lang['redirecting_wait'] . '</b><meta http-equiv=refresh content="3;url=index.php?n=account&sub=charcreate">'); } elseif ($loggedin == 1) { output_message('alert', '<b>' . $lang['charcreate_loggedin'] . '<br/>' . $lang['redirecting_wait'] . '</b><meta http-equiv=refresh content="3;url=index.php?n=account&sub=charcreate">'); } elseif (check_for_symbols($checknamestring, 1) == TRUE) { output_message('alert', '<b>' . $lang['charcreate_nameissymbols'] . '<br/>' . $lang['redirecting_wait'] . '</b><meta http-equiv=refresh content="3;url=index.php?n=account&sub=charcreate">'); } elseif ($numchars == 9) { output_message('alert', '<b>' . $lang['charcreate_tomanychars'] . '<br/>' . $lang['redirecting_wait'] . '</b><meta http-equiv=refresh content="3;url=index.php?n=account&sub=charcreate">'); } else { //Here is the main section for character creation. You define your values. // You create a character in-game, look up the ID in character table. /******************* MAIN COPY ******************/ // Tables wich is going to be copied. #character #character_action #character_homebind #character_inventory #character_reputation #character_skills #character_spell
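/**
 * Stores an account's two secret question/answer pairs.
 *
 * The values are bound through the DB layer's placeholders (`?` string, `?d`
 * integer) rather than interpolated into the SQL text as before.
 *
 * @param mixed $id  Account id; bound as an integer (`?d`).
 * @param mixed $sq1 First secret question ('0' means none selected).
 * @param mixed $sa1 Answer to the first question.
 * @param mixed $sq2 Second secret question ('0' means none selected).
 * @param mixed $sa2 Answer to the second question.
 * @return int 1 = stored;
 *             2 = the two questions or the two answers are the same;
 *             3 = an answer is shorter than 4 bytes;
 *             4 = an answer contains symbols, or a question is '0'.
 */
function setSecretQuestions($id, $sq1, $sa1, $sq2, $sa2)
{
    $sq1 = strip_if_magic_quotes($sq1);
    $sa1 = strip_if_magic_quotes($sa1);
    $sq2 = strip_if_magic_quotes($sq2);
    $sa2 = strip_if_magic_quotes($sa2);

    // Guard clauses in the original's order: symbols / no question selected first,
    // then answer length, then duplicates.
    if (check_for_symbols($sa1) || check_for_symbols($sa2) || $sq1 == '0' || $sq2 == '0') {
        return 4;
    }
    if (strlen($sa1) < 4 || strlen($sa2) < 4) {
        // strlen() counts bytes, as the original did.
        return 3;
    }
    if ($sa1 == $sa2 || $sq1 == $sq2) {
        return 2;
    }

    $this->DB->query(
        "UPDATE `mw_account_extend` SET `secret_q1`=?, `secret_q2`=?, `secret_a1`=?, `secret_a2`=? WHERE `account_id`=?d",
        $sq1,
        $sq2,
        $sa1,
        $sa2,
        $id
    );
    return 1;
}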
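/**
 * Processes the account registration form.
 *
 * Runs the optional checks the configuration enables (image verification,
 * secret questions), the always-on checks (username free, password differs
 * from username), then calls $Account->register() and reports its result code.
 * Errors are collected in the global $err_array and rendered as one list.
 *
 * Globals: $DB, $Config, $allow_reg, $err_array, $Account, $lang.
 * Reads $_POST (image_key, filename_image, secretq1/2, secreta1/2, r_login,
 * r_pass, r_cpass, r_email, r_account_type, r_key).
 *
 * @return bool|null FALSE when registration is disabled; otherwise nothing is
 *                   returned and the outcome is reported via output_message().
 */
function Register()
{
    global $DB, $Config, $allow_reg, $err_array, $Account, $lang;

    if (!$allow_reg) {
        return FALSE;
    }

    // Set to TRUE by any failed check; the account is created only if it stays FALSE.
    $notreturn = FALSE;

    // Ext 1 - image verification (captcha), when enabled.
    if ($Config->get('reg_act_imgvar') == 1) {
        $image_key = isset($_POST['image_key']) ? (string) $_POST['image_key'] : '';
        // Escaped for the quoted SQL context below only. mysql_real_escape_string()
        // needs an open mysql_* connection and no longer exists in PHP 7+.
        $filename = mysql_real_escape_string(isset($_POST['filename_image']) ? (string) $_POST['filename_image'] : '');
        $correctkey = $DB->selectCell("SELECT `key` FROM `mw_acc_creation_captcha` WHERE `filename` ='" . $filename . "'");

        // Strict comparison: the original used `!=`, under which two numeric-looking
        // codes such as "0e1" and "0e2" compare equal. An empty posted code, or a
        // filename with no row (selectCell yields no key), fails here.
        if ($image_key === '' || strtolower((string) $correctkey) !== strtolower($image_key)) {
            $notreturn = TRUE;
            $err_array[] = $lang['image_var_incorrect'];
        } else {
            // Consume the one-time code and remove its image. unlink() gets a
            // request-supplied path; it is only reached after that exact filename
            // matched a captcha row with the posted key.
            $DB->query("DELETE FROM `mw_acc_creation_captcha` WHERE filename='" . $filename . "'");
            if (is_file($filename)) {
                unlink($filename);
            }
        }
    }

    // Ext 2 - secret questions, when required: no symbols, distinct, minimum length.
    if ($Config->get('reg_secret_questions') == 1) {
        if (!empty($_POST['secretq1']) && !empty($_POST['secretq2']) && !empty($_POST['secreta1']) && !empty($_POST['secreta2'])) {
            if (check_for_symbols($_POST['secreta1']) || check_for_symbols($_POST['secreta2'])) {
                $notreturn = TRUE;
                $err_array[] = $lang['secretq_error_symbols'];
            }
            // One "same" error per identical pair, as before.
            foreach (array('secretq', 'secreta') as $pair) {
                if ($_POST[$pair . '1'] == $_POST[$pair . '2']) {
                    $notreturn = TRUE;
                    $err_array[] = $lang['secretq_error_same'];
                }
            }
            if (strlen($_POST['secreta1']) < 4 || strlen($_POST['secreta2']) < 4) {
                // strlen() counts bytes, as the original did.
                $notreturn = TRUE;
                $err_array[] = $lang['secretq_error_short'];
            }
        } else {
            $notreturn = TRUE;
            $err_array[] = $lang['secretq_error_empty'];
        }
    }

    // Ext 3 - username must be free.
    if (!$Account->isAvailableUsername($_POST['r_login'])) {
        $notreturn = TRUE;
        $err_array[] = $lang['username_taken'];
    }

    // Ext 4 - password must differ from username.
    if ($_POST['r_login'] == $_POST['r_pass']) {
        $notreturn = TRUE;
        $err_array[] = $lang['user_pass_same'];
    }

    $reg_succ = FALSE;
    if (!$notreturn) {
        // The plaintext password is passed through under 'password' as in the
        // original; what register() does with it is outside this function.
        $Enter = $Account->register(
            array(
                'username' => $_POST['r_login'],
                'sha_pass_hash' => $Account->sha_password($_POST['r_login'], $_POST['r_pass']),
                'sha_pass_hash2' => $Account->sha_password($_POST['r_login'], $_POST['r_cpass']),
                'email' => $_POST['r_email'],
                'expansion' => $_POST['r_account_type'],
                'password' => $_POST['r_pass'],
            ),
            array(
                'secretq1' => strip_if_magic_quotes($_POST['secretq1']),
                'secreta1' => strip_if_magic_quotes($_POST['secreta1']),
                'secretq2' => strip_if_magic_quotes($_POST['secretq2']),
                'secreta2' => strip_if_magic_quotes($_POST['secreta2']),
            )
        );

        // register() result code -> $lang key; 1 means the account was created.
        $registerErrors = array(
            0 => 'some_params_empty',
            2 => 'empty_param_username',
            3 => 'passwords_dont_match',
            4 => 'empty_param_email',
            5 => 'your_ip_is_banned',
        );
        if ($Enter == 1) {
            if ($Config->get('reg_invite') == 1) {
                $Account->delete_key($_POST['r_key']);
            }
            $reg_succ = TRUE;
        } else {
            $code = (int) $Enter;
            $err_array[] = isset($registerErrors[$code])
                ? $lang[$registerErrors[$code]]
                : "Account Creation [FATAL ERROR]: User cannot be created, likely due to incorrect database configuration. Contact the administrator.";
        }
    }

    // Report: either the collected errors as a list, or the success message.
    if (!$reg_succ) {
        if (empty($err_array[0])) {
            $err_array[0] = "Unknown Reason";
        }
        $output_error = $lang['register_failed'];
        $output_error .= "<ul><li>";
        $output_error .= implode("</li><li>", $err_array);
        $output_error .= "</li></ul>";
        output_message('error', $output_error . 'Redirecting...<meta http-equiv=refresh content="8;url=?p=account&sub=register">');
    } elseif ((int) $Config->get('require_act_activation') == 1) {
        output_message('success', $lang['activation_email_sent']);
    } else {
        output_message('success', $lang['register_success'] . '<meta http-equiv=refresh content="5;url=?p=account&sub=login">');
    }
}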