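// Excerpt starts inside two enclosing blocks that open before this point.
$res = pg_safe_exec("delete from pendingusers where cookie='{$cookie}'");
die;
}
}

// Build the new account's initial password and its salt: 8 characters each,
// drawn from the 62-symbol alphabet in $valid.
$valid = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$password = "";
// Seeds the generator behind the rand() fallback. A seed taken from
// microtime() is guessable, so rand() is used only where no CSPRNG exists.
srand((double) microtime() * 1000000);
// random_int() (PHP 7+) draws from the operating system's CSPRNG.
$use_csprng = function_exists('random_int');
for ($i = 0; $i < 8; $i++) {
    $password = $password . $valid[$use_csprng ? random_int(0, strlen($valid) - 1) : rand(0, strlen($valid) - 1)];
}
// NOTE(review): $salt is appended to without being initialised in this
// excerpt — confirm it is set to "" before this point.
for ($i = 0; $i < 8; $i++) {
    $salt = $salt . $valid[$use_csprng ? random_int(0, strlen($valid) - 1) : rand(0, strlen($valid) - 1)];
}
// Stored credential format: 8-character salt followed by md5(salt . password).
// NOTE(review): one round of salted MD5 is cheap to brute-force offline.
// Moving to password_hash() also requires changing the code that verifies
// logins, which is outside this excerpt.
$crypt = $salt . md5($salt . $password);
$verificationdata = prepare_dbtext_db($user->verificationdata);
// language and question_id sit in an unquoted numeric position, so they are
// forced to integers here.
// NOTE(review): user_name and email are concatenated as they come from $user,
// while verificationdata goes through prepare_dbtext_db(). Where $user is
// loaded is outside this excerpt — confirm both fields are safe to embed.
$q = "insert into users (user_name,password,flags,email,last_updated,last_updated_by,language_id,question_id,verificationdata,post_forms,created_ts,signup_ts,signup_ip) " . " values " . " ('" . $user->user_name . "','{$crypt}',0,'" . $user->email . "'," . " now()::abstime::int4,'Web Page New User'," . (int) $user->language . "," . (int) $user->question_id . ",'" . $verificationdata . "',0,now()::abstime::int4,now()::abstime::int4,'" . cl_ip() . "')";
//echo $q;
$res = pg_safe_exec($q);

// Maintain the user counter kept in counts under count_type '1'.
// NOTE(review): this is a read followed by a write, so two concurrent signups
// can store the same value and the == test below can be stepped over.
$ucount = pg_safe_exec("SELECT count_count FROM counts WHERE count_type='1'");
if (pg_numrows($ucount) == 0) {
    pg_safe_exec("INSERT INTO counts VALUES ('1','1')");
} else {
    $uobj = pg_fetch_object($ucount, 0);
    $newcount = $uobj->count_count + 1;
    if ($newcount == $MAX_ALLOWED_USERS) {
        // Reaching the configured maximum inserts a row into locks.
        pg_safe_exec("INSERT INTO locks VALUES (3,now()::abstime::int4,0)");
    }
    pg_safe_exec("UPDATE counts SET count_count='" . ($newcount + 0) . "' WHERE count_type='1'");
}
$username = $user->user_name;
// Excerpt ends inside this block.
if ($res) {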
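// Excerpt starts inside a block that opens before this point.
$blah = "_";
}
$mmsg = $mmsg . "3) " . $blah . "_ Other (see below **)\n";
$mmsg = $mmsg . "\n";
// Free-text reasons go into the mail body with \' turned back into '.
if ($reason == "resign") {
    $mmsg = $mmsg . "* :\n" . str_replace("\\'", "'", $resignreason) . "\n\n";
}
if ($reason == "other") {
    $mmsg = $mmsg . "** :\n" . str_replace("\\'", "'", $otherreason) . "\n\n";
}
$mmsg = $mmsg . "\n";
$mmsg = $mmsg . "________________________________\n";
$mmsg = $mmsg . "Purge Request\n";
$mmsg = $mmsg . NETWORK_NAME . " Channel Service\n";
$mmsg = $mmsg . "version 03012001\n";
$mmsg = $mmsg . "Sent by [" . cl_ip() . "] at " . cs_time(time()) . " (user's timezone)\n";
$email = $user->email;
// The posted address is copied into the From and Reply-To headers. CR and LF
// are removed first so the value cannot start a new header line or the body.
$reply_addr = (isset($_POST["email"]) && is_string($_POST["email"])) ? str_replace(array("\r", "\n"), "", $_POST["email"]) : "";
if (!file_exists("../testnet")) {
    mail($purge_at_email, "Purge Request via WEB", $mmsg, "From: " . $reply_addr . "\nReply-To: " . $reply_addr . "\nX-Mailer: " . NETWORK_NAME . " Channel Service");
} else {
    // Testnet: show the message in the page instead of sending it. The text
    // carries user-supplied reasons, so it is HTML-escaped before the
    // newlines become <br>.
    echo "<h3>Testnet : dumping mail</h3>\n";
    echo str_replace("\n", "<br>", htmlspecialchars($mmsg, ENT_QUOTES));
}
/* Set post_forms to ten days from now for this user. */
// $user_id sits in an unquoted numeric position, so it is forced to an integer.
pg_safe_exec("UPDATE users SET post_forms=(now()::abstime::int4+86400*10) WHERE id=" . (int) $user_id);
echo "<h2>";
echo "Please allow 3-5 days for your request to be processed.\n";
echo "</h2>\n";
echo "</body></html>\n\n";
die;
}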
// Excerpt starts inside a block that opens before this point.
if (is_ip_restrict()) {
    // Login refused for this account from the caller's address: send a
    // stand-alone, non-cacheable error page and stop.
    header("Pragma: no-cache");
    echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">\n",
        "<html>\n",
        "<head><title>Error</title>";
    std_theme_styles();
    echo "</head>";
    std_theme_body();
    // NOTE(review): cl_ip() is written into the page unescaped. Its definition
    // is outside this excerpt — confirm it can only return a dotted-quad address.
    echo "<font size=+0>\n",
        "You can't login to this account using your current IP number (" . cl_ip() . ").<br><br>",
        "<a href=\"index.php\" target=\"_top\">click here</a>.<br>\n",
        "</font></body></html>\n\n";
    exit;
}
}

// Refuse the login when the client address reads as 0.0.0.0.
// The original author marked this check "safety valve. (useless?)".
if (cl_ip() == "0.0.0.0") {
    header("Pragma: no-cache");
    echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">\n",
        "<html>\n",
        "<head><title>Error</title>";
    std_theme_styles();
    echo "</head>";
    std_theme_body();
    echo "<font size=+0>\n",
        "You can't login using your current IP number.<br><br>",
        "<a href=\"index.php\" target=\"_top\">click here</a>.<br>\n",
        "</font></body></html>\n\n";
    exit;
}

// Excerpt ends inside this block.
if (is_suspended($user_id, "") == 1) {
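<?php
/* $Id: cfp.php,v 1.1 2005/11/18 04:19:33 nighty Exp $ */
// Confirms a pending "forgotten password" change. The request carries the
// user id and a confirmation value (crc) that must match both the stored
// pending row and a keyed MD5 recomputed here.
require "../../php_includes/cmaster.inc";
$cTheme = get_theme_info();
std_theme_styles(1);
std_theme_body();
$iid = (int) $_GET["id"];
// Accept the confirmation value only as a string. An array-valued parameter
// (crc[]=...) is treated as absent.
$ccrc = (isset($_GET["crc"]) && is_string($_GET["crc"])) ? $_GET["crc"] : "";
$r1 = pg_safe_exec("SELECT * FROM pending_passwordchanges WHERE cookie='" . post2db($ccrc) . "' AND user_id='" . $iid . "'");
if ($o1 = @pg_fetch_object($r1, 0)) {
    // Strict comparison: with ==, two digit-only strings of the form
    // "0e<digits>" compare equal as numbers, so an unrelated value could pass.
    // Where hash_equals() is available (PHP 5.6+) it also removes the timing
    // difference of an early-exit string comparison.
    if ($ccrc === md5($iid . "modFP" . CRC_SALT_0015 . $o1->new_crypt)) {
        // confirmation of password change
        // NOTE(review): the password value is masked ('******') in this
        // listing. Presumably the real file stores the pending hash here —
        // confirm against the original.
        $rez = @pg_safe_exec("UPDATE users SET password='******',last_updated=now()::abstime::int4,last_updated_by='forgotten password (" . cl_ip() . ")' WHERE id='" . $iid . "'");
        if ($rez) {
            $ru = pg_safe_exec("SELECT * FROM users WHERE id='" . $iid . "'");
            $user = pg_fetch_object($ru, 0);
            // NOTE(review): the new password is read from the pending row in
            // clear text (new_clrpass) and sent by e-mail, so it is exposed
            // both in the database and in transit.
            mail($user->email, $mail_subject_pass . $user->user_name, "Your Cservice password is: " . $o1->new_clrpass . "\nRemember it!", "From: " . $mail_from_pass . "\nReply-To: " . $mail_from_pass . "\nX-Mailer: " . NETWORK_NAME . " Channel Service");
            log_user($user->id, 9, " [manual confirmation]");
            pg_safe_exec("DELETE FROM pending_passwordchanges WHERE user_id='" . $user->id . "'");
            echo "<h1>Success !<br><br>\n";
            // The user name comes from the database and is escaped for HTML output.
            echo "Password change has been approved successfully for user '" . htmlspecialchars($user->user_name, ENT_QUOTES) . "'</h1>\n";
            echo "</body></html>\n\n";
            die;
        } else {
            echo "<h1>Error<br><br>\n";
            echo "Unknown SQL Error !</h1>\n";
            echo "</body></html>\n\n";
            die;
        }
    } else {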
// Last cell of the "add restriction" form: a free-form mask field, followed
// by the submit row and the end of the form table.
echo "<td valign=top>",
    "<b>Mask</b><br>",
    "<input type=text name=t3mask size=35 maxlength=255>",
    "<br>",
    "<i>",
    "wildcards <b>*</b> and <b>?</b> are allowed.",
    "</i>",
    "</td>\n",
    "</tr>",
    "<tr><td colspan=3 align=right><input type=submit value=\"Add\"></td></tr>\n",
    "</table>\n",
    "<br><br>";

// Safety-valve warning: shown when the viewer is editing their own account,
// is an admin or holds an ACL, and the current restrictions already match
// is_ip_restrict() for this request.
if (
    $user_id == $usr->id
    && ($admin > 0 || has_acl($user_id))
    && is_ip_restrict()
) {
    // NOTE(review): cl_ip() is written into the page unescaped. Its definition
    // is outside this excerpt — confirm it can only return a dotted-quad address.
    echo "<font size=+1 color=#ff1111><b>",
        "WARNING</b> : The current IP restrictions will NOT allow you to login.<br>Your current IP is : " . cl_ip() . "</font><br><br>";
}

// List the stored restrictions, one table row per record. $amask counts the rows.
echo "<table border=1 cellspacing=0 cellpadding=3>\n";
$amask = 0;
while ($ip = pg_fetch_object($ipq)) {
    ++$amask;
    echo "<tr>";
    if ($ip->allowrange2 != 0) {
        // Both bounds set: show as a first-last address range.
        echo "<td>Range</td>", "<td><b>";
        echo long2ip($ip->allowrange1) . "</b>-<b>" . long2ip($ip->allowrange2);
    } elseif ($ip->allowrange1 != 0) {
        // Only the first bound set: a single address. Excerpt ends inside this branch.
        echo "<td>IP</td>", "<td><b>";
// Excerpt starts partway through a statement inside a block opened earlier.
(int) ($opt_duration = (int) $nbretOK * 86400 * 7);
}
if ($mctype == 2) {
    // Permanent change: type 1, no duration.
    $change_type = 1;
    $opt_duration = 0;
}
// A temporary change (type 0) needs a non-zero duration of at most 8 weeks.
if ($change_type == 0 && ($opt_duration == 0 || $opt_duration > 8 * 86400 * 7)) {
    echo "<h2>Bogus Request !</h2></body></html>\n\n";
    exit;
}

// The pending request expires 6 hours from now.
$expiration = time() + 21600;
// Confirmation value stored with the request: an MD5 over the expiry, a
// configured salt, the manager's e-mail and the two ids.
$crc_cookie = md5($expiration . CRC_SALT_015 . $user->email . $new_manager_id . $channel_id);

// NOTE(review): apart from opt_duration, every value below is placed inside
// quotes as-is. Where $channel_id, $new_manager_id and $mcreason are validated
// or escaped is outside this excerpt — confirm before relying on this query.
$query = "INSERT INTO pending_mgrchange (channel_id,manager_id,new_manager_id,change_type,opt_duration,reason,expiration,crc,confirmed,from_host) VALUES "
    . "('" . $channel_id . "','" . $user_id . "','" . $new_manager_id . "','" . $change_type . "'," . (int) $opt_duration . ",'" . $mcreason . "','" . $expiration . "','" . $crc_cookie . "',0,'" . cl_ip() . "')";
pg_safe_exec($query);

// Start of the confirmation e-mail body. $channel has \' turned back into '.
$mmsg = "Hello,\n\nIf you would like to confirm the \"Manager Change\" request for channel '" . str_replace("\\'", "'", $channel) . "',\n";
$mmsg .= "thus giving it ";
// Temporary changes are always worded in weeks. The day and month variants
// are disabled in the original.
$mmsg .= ($mctype == 1) ? "TEMPORARILY for {$nbretOK} week(s) " : "PERMANENTLY ";
$mmsg .= "to user '" . $newmgr->user_name . "' who is a level 499 on " . str_replace("\\'", "'", $channel) . ",\n\n";
// Excerpt starts inside four nested blocks that open before this point. This
// branch sends the request to the approval mailbox and marks it as needing
// confirmation.
$mm .= "-------------------------\n\n";
$doconf = 1;
mail(CONFIRM_STAR_PWRESET_MAIL, $ss, $mm, "From: Channel Service <*****@*****.**>\nX-Mailer: CSC-1.1\n\n");
}
}
}
}

// Write the password now unless approval is pending and accounts are not
// locked during approval.
// NOTE(review): the password value is masked ('******') in this listing.
if (!$doconf || LOCK_ON_PWCHG) {
    $res = pg_safe_exec(
        "update users set password='******',  last_updated = now()::abstime::int4,  last_updated_by = 'forgotten password ("
        . cl_ip()
        . ")'  where  id='"
        . $user->id
        . "'"
    );
}

// No approval step: send the new password to the user and log the event.
// NOTE(review): the password travels in clear text in the message body.
if ($res && !$doconf) {
    $pass_headers = "From: " . $mail_from_pass . "\nReply-To: " . $mail_from_pass . "\nX-Mailer: " . NETWORK_NAME . " Channel Service";
    mail($user->email, $mail_subject_pass . $user->user_name, "Your Cservice password is: " . $password . "\nRemember it!", $pass_headers);
    log_user($user->id, 9, " ");
}

// Replace this address's row in lastrequests with the current timestamp.
pg_safe_exec("delete from lastrequests where ip='" . cl_ip() . "'");
pg_safe_exec("insert into lastrequests (ip,last_request_ts) values ('" . cl_ip() . "',now()::abstime::int4)");
?> <html> <head><title>Request Successful</title></head> <?php
std_theme_body();
if (!$doconf) {
    echo "Your new password has been mailed out to you.";
} else {
    echo "Your new password is pending CService's approval, You will be notified.<br>\n";
    echo LOCK_ON_PWCHG
        ? "Your account is locked out until the new password is approved (or not).<br>\n"
        : "Your old password remains active until the new one has been approved.<br>\n";
}
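// Excerpt starts partway through building an INSERT statement in $query.
// Presumably it targets the complaints table read just below — the start of
// the statement is outside this excerpt.
$query .= "" . (int) $da_users_id . ", ";
// from_mail is request data, so it gets the same post2db() treatment as the
// other posted text fields in this statement.
$query .= "'" . post2db($_POST["from_mail"]) . "', ";
if ($da_users_id > 0) {
    // NOTE(review): $uInfo->email is embedded as-is. Where $uInfo is loaded is
    // outside this excerpt — confirm the value is safe to place inside quotes.
    $query .= "'" . $uInfo->email . "', ";
} else {
    $query .= "'', ";
}
// The complaint type sits in an unquoted numeric position, so it is forced to
// an integer.
$query .= "" . (int) $_POST["ct"] . ", ";
// Semicolons in the free-text fields are replaced with colons before escaping.
$query .= "'" . post2db(str_replace(";", ":", $_POST["complaint_text"])) . "', ";
$query .= "'" . post2db(str_replace(";", ":", $_POST["complaint_logs"])) . "', ";
$query .= "" . (int) $da_channel1_id . ", ";
$query .= "'" . post2db($da_channel1_name) . "', ";
$query .= "" . (int) $da_channel2_id . ", ";
$query .= "'" . post2db($da_channel2_name) . "', ";
$query .= "" . (int) $da_users_id . ", ";
// NOTE(review): $da_crc is embedded as-is here and in the SELECT below. It is
// built outside this excerpt — confirm it is always a plain hex digest.
$query .= "0, 0, 0, 0, now()::abstime::int4, '" . cl_ip() . "', '" . $da_crc . "', (now()::abstime::int4+172800), '', 0";
$query .= " )";
echo "<br>";
// The insert's result is not checked and its errors are suppressed with @.
// Success is inferred from finding the row again by its created_crc value.
$res = @pg_safe_exec($query);
$tq = pg_safe_exec("SELECT id FROM complaints WHERE created_crc='" . $da_crc . "'");
if ($to = pg_fetch_object($tq)) {
    $da_c_id = $to->id;
    // Ticket number: the row id, a dash, and the first 10 hex characters of a
    // salted MD5 of that id, all upper-cased.
    $ticket_number = strtoupper($da_c_id . "-" . substr(md5($da_c_id . CRC_SALT_0007 . "ticket"), 0, 10));
    // Compared as an integer so this branch agrees with the value stored above.
    if ((int) $_POST["ct"] == 3) {
        // if 'pending application anonymous objection', insert an ADMIN comment in the given application to notify
        // that the complaint has been recorded...
        unset($issuer_id);
        unset($da_cmt);
        unset($notif_q);
        // this ID needs to be a permanently valid user !!!!! (see config.inc)
        // Excerpt ends inside this block.
        $issuer_id = COMPLAINTS_ADMINCOMMENT_ID;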
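// Excerpt starts inside enclosing blocks that open before this point.
// Refuse the signup when the "already registered" cookie is present. The
// cookie is sent by the client, so its absence proves nothing. The server-side
// newu_ipcheck() in the next branch is the check that can be enforced.
// isset() also covers requests that carry no such cookie at all.
if (isset($_COOKIE["UNETUB"]) && $_COOKIE["UNETUB"] != "" && UNETUB_TIME > 0) {
    err_newuser("Your IP has already registered a username, you can only signup for ONE username.");
    $err = 1;
} elseif (NEWUSERS_IPCHECK && !newu_ipcheck(1)) {
    err_newuser("Your IP has already registered a username, you can only signup for ONE username.");
    $err = 1;
} else {
    // Confirmation token mailed to the applicant and stored in pendingusers.
    // The original inputs are the clock, a static salt and two values the
    // applicant chose. Where available, 16 bytes from the OS CSPRNG are mixed
    // in so the token does not depend on the salt staying secret. The result
    // is still a 32-character MD5 hex string.
    $cookie_entropy = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : '';
    $cookie = md5($cookie_entropy . microtime() . time() . CRC_SALT_0003 . $_POST["username"] . $_POST["email"]);
    $expire = time() + 86400; // 1 day
    $language = (int) $_POST["language"];
    // User-typed fields that were not already sanity checked go through post2db().
    $verificationdata = post2db($_POST["verificationdata"]);
    //local_seclog("New user request for `" . N_get_pure_string($_POST["username"]) . "`");
    pg_safe_exec("insert into pendingusers (user_name,cookie,expire,email,language,question_id,verificationdata,poster_ip) values ('" . post2db($_POST["username"]) . "','" . post2db($cookie) . "'," . (int) $expire . ",'" . post2db(strtolower($_POST["email"])) . "'," . $language . "," . (int) $question_id . ",'" . $verificationdata . "','" . cl_ip() . "')");
    $boundary = md5(time());
    // The posted address is used only as the recipient. The headers are built
    // from configured values.
    mail($_POST["email"], $mail_subject_new, "To continue the registration process go to " . $confirm_url . "?cookie=" . $cookie, "From: " . $mail_from_new . "\nReply-To: " . $mail_from_new . "\nX-Mailer: " . NETWORK_NAME . " Channel Service");
    echo "<p>Your registration email has been sent. Please wait to receive it, and then follow the instructions it contains to continue</p>";
}
} else {
    err_newuser($err);
    $err = 1;
}
break;
}

// Show the "next" button on every step before 7 when no error was raised.
// Excerpt ends inside the final else branch.
if ((int) $curr_step != 8) {
    if ($err == "") {
        if ((int) $curr_step < 7) {
            echo "<p align=right><input type=submit value=\"NEXT >>\"></p>\n";
        } else {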