if ($_POST['email'] != $_POST['aemail']) {
$id = $_SESSION['authid'] . '||' . md5(uniqid(rand()));
db_query("INSERT INTO prefix_usercheck (`check`,email,datime,ak)\r\n VALUES ('" . $id . "','" . escape($_POST['email'], 'string') . "',NOW(),3)");
$page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
$text = $lang['changedthemail'] . sprintf($lang['registconfirmlink'], $page, $id);
icmail($_POST['email'], $lang['mail'] . ' ' . $lang['changed'], $text);
$fmsg = $lang['pleaseconfirmmail'];
}
#
#remove account
if (isset($_POST['removeaccount'])) {
$id = $_SESSION['authid'] . '-remove-' . md5(uniqid(rand()));
db_query("INSERT INTO prefix_usercheck (`check`,email,datime,ak)\r\n VALUES ('" . $id . "','" . escape($_POST['email'], 'string') . "',NOW(),5)");
$page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
$text = $lang['removeconfirm'] . sprintf($lang['registconfirmlink'], $page, $id);
icmail($_POST['email'], html_entity_decode($lang['removeaccount'], ILCH_ENTITIES_FLAGS, ILCH_CHARSET), $text);
$fmsg = $lang['pleaseconfirmremove'];
}
#remove account
# statische felder speichern
db_query("UPDATE prefix_user\r\n\t\t\t SET\r\n homepage = '" . get_homepage(escape($_POST['homepage'], 'string')) . "',\r\n wohnort = '" . escape($_POST['wohnort'], 'string') . "',\r\n icq = '" . escape($_POST['icq'], 'string') . "',\r\n msn = '" . escape($_POST['msn'], 'string') . "',\r\n yahoo = '" . escape($_POST['yahoo'], 'string') . "',\r\n " . $avatar_sql_update . "\r\n aim = '" . escape($_POST['aim'], 'string') . "',\r\n staat = '" . escape($_POST['staat'], 'string') . "',\r\n geschlecht = '" . escape($_POST['geschlecht'], 'string') . "',\r\n status = '" . escape($_POST['status'], 'string') . "',\r\n opt_mail = '" . escape($_POST['opt_mail'], 'string') . "',\r\n opt_pm = '" . escape($_POST['opt_pm'], 'string') . "',\r\n opt_pm_popup = '" . escape($_POST['opt_pm_popup'], 'string') . "',\r\n gebdatum = '" . get_datum(escape($_POST['gebdatum'], 'string')) . "',\r\n sig = '" . substr(escape($_POST['sig'], 'string'), 0, $allgAr['forum_max_sig']) . "'\r\n\t\t\t\tWHERE id = " . $_SESSION['authid']);
# change other profil fields
profilefields_change_save($_SESSION['authid']);
$design->header();
# definie and print msg
$fmsg = isset($fmsg) ? $fmsg : $lang['changesuccessful'];
wd('?user-8', $fmsg, 3);
}
} else {
$tpl = new tpl('user/login');
$tpl->set_out('WDLINK', '?user-8', 0);
<td class="Cmite">Deine eMail</td>
<td class="Cnorm"><input type="text" name="email" value="<?php
echo $_POST['email'];
?>
"></td>
</tr><tr class="Cnorm">
<td class="Cmite" v>Nachricht</td>
<td class="Cnorm"><textarea cols="40" rows="10" name="txt"><?php
echo $_POST['txt'];
?>
</textarea></td>
</tr><tr class="Cdark">
<td></td>
<td><input type="submit" name="send" value="<?php
echo $lang['formsub'];
?>
"></td>
</tr>
</table></form>
<?php
} else {
$_SESSION['klicktime'] = time();
if (1 == $row['opt_mail']) {
icmail($row['email'], strip_tags($_POST['bet']), strip_tags($_POST['txt']), 'SeitenKontakt <' . escape_for_email($_POST['email']) . '>');
wd('index.php?forum', 'Die eMail wurde erfolgreich versendet');
} else {
header('location: index.php?' . $allAr['smodul']);
exit;
}
}
$design->footer();
defined('main') or die('no direct access');
$title = $allgAr['title'] . ' :: Users :: Password Reminder';
$hmenu = $extented_forum_menu . '<a class="smalfont" href="?user">Users</a><b> » </b> Password Reminder' . $extented_forum_menu_sufix;
$design = new design($title, $hmenu, 1);
$design->header();
$show = true;
if (isset($_POST['email'])) {
$email = get_lower(escape($_POST['email'], 'string'));
$erg = db_query("SELECT `name` FROM `prefix_user` WHERE `email` = BINARY '" . $email . "'");
if (db_num_rows($erg) == 1) {
$row = db_fetch_assoc($erg);
$new_pass = genkey(8);
$md5_pass = md5($new_pass);
$id = md5(uniqid(rand()));
db_query("INSERT INTO `prefix_usercheck` (`check`,`name`,`email`,`pass`,`datime`,`ak`)\n\t\tVALUES ('" . $id . "','" . $row['name'] . "','" . $email . "','" . $md5_pass . "',NOW(),2)");
$page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
$confirmlinktext = "\n" . $lang['registconfirm'] . "\n\n" . sprintf($lang['registconfirmlink'], $page, $id);
$regmail = sprintf($lang['newpasswordmail'], $row['name'], $confirmlinktext, $new_pass);
icmail($email, 'Password Reminder', $regmail);
// email an user
echo $lang['youhavereceivedaemail'];
$show = false;
} else {
echo $lang['namenotfound'];
}
}
if ($show) {
$tpl = new tpl('user/new_pass');
$tpl->out(0);
}
$design->footer();
$mail = escape_for_email($_POST['mail']);
$subject = escape_for_email($_POST['subject'], true);
$wer = escape_for_email($_POST['wer']);
$text = $_POST['txt'];
$wero = FALSE;
foreach ($k as $a) {
$e = explode('|', $a);
if (md5($e[0]) == $wer) {
$wero = TRUE;
$wer = $e[0];
break;
}
}
if (strpos($text, 'Content-Type:') === FALSE and strpos($text, 'MIME-Version:') === FALSE and strpos($mail, '@') !== FALSE and $wero === TRUE and strlen($name) <= 30 and strlen($mail) <= 30 and strlen($text) <= 5000 and $mail != $name and $name != $text and $text != $mail) {
$subject = "Kontakt: " . $subject;
if (icmail($wer, $subject, $text, $name . " <" . $mail . ">")) {
echo $lang['emailsuccessfullsend'];
} else {
echo 'Der Server konnte die Mail nicht versenden, teilen sie dies ggf. einem Administrator mit.';
}
$name = '';
$mail = '';
$subject = '';
$wer = '';
$text = '';
} else {
echo $lang['emailcouldnotsend'];
}
}
$tpl = new tpl('contact.htm');
$tpl->out(0);
$new_pass = $_POST['pass'];
$passwordHash = user_pw_crypt($new_pass);
db_query("INSERT INTO prefix_user (name,pass,recht,regist,llogin,email)\r\n\t\t VALUES('" . $_POST['name'] . "','" . $passwordHash . "'," . $_POST['recht'] . ",'" . time() . "','" . time() . "','" . $_POST['email'] . "')");
$userid = db_last_id();
db_query("INSERT INTO prefix_userfields (uid,fid,val) VALUES (" . $userid . ",2,'1')");
db_query("INSERT INTO prefix_userfields (uid,fid,val) VALUES (" . $userid . ",3,'1')");
if (isset($_POST['info'])) {
$page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
$page = str_replace('admin.php', 'index.php', $page);
$tpl = new tpl('user/new_user_email', 1);
$tpl->set('name', $_POST['name']);
$tpl->set('pass', $_POST['pass']);
$tpl->set('page', $page);
$txt = $tpl->get(0);
unset($tpl);
icmail($_POST['email'], 'Admin hat dich angelegt', $txt);
}
$msg = 'Benutzer angelegt <a href="javascript:closeThisWindow()">Fenster schließen</a>';
}
}
$pass = '';
$email = '';
$recht = '';
if (isset($_POST['pass'])) {
$pass = $_POST['pass'];
}
if (isset($_POST['email'])) {
$email = $_POST['email'];
}
if (isset($_POST['recht'])) {
$recht = $_POST['recht'];
function sendpm($sid, $eid, $ti, $te, $status = 0)
{
$page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
// Testen, ob Array. Sonst umwandeln.
if (!is_array($eid)) {
$eid = array($eid);
}
// Alle Emf�nger durchlaufen
foreach ($eid as $empf) {
// PM schreiben und ID speichern
db_query("INSERT INTO `prefix_pm` (`sid`,`eid`,`time`,`titel`,`txt`,`status`) VALUES (" . $sid . "," . $empf . ",'" . time() . "','" . $ti . "','" . $te . "'," . $status . ")");
$last_id = db_last_id();
// Alle Zeiten der letzten PMs abfragen, die nach dem letzten Login des Empf�ngers verschickt wurden
$erg = db_query("SELECT `b`.`time` FROM `prefix_user` AS `a` LEFT JOIN `prefix_pm` AS `b` ON `a`.`id` = `b`.`eid` AND `b`.`id` != " . $last_id . " WHERE `a`.`id` = " . $empf . " AND `a`.`llogin` < `b`.`time`");
// Wenn keine PM gefunden wurde, Email schreiben
if (db_num_rows($erg) == 0) {
// Email-Adresse abfragen und Email verschicken
$mail = db_result(db_query("SELECT `email` FROM `prefix_user` WHERE `id` = " . $empf), 0);
if (!empty($mail)) {
icmail($mail, "Du hast eine neue Nachricht", "Hallo,\ndu hast eben eine Neue Nachricht mit dem Betreff '" . $ti . "' bekommen. Diese Nachricht kannst du nun unter folgender Adresse mit Deinen Logindaten aufrufen: " . $page . "?forum-privmsg-showmsg-" . $last_id . "\n\nWir wünschen Dir noch einen schönen Tag!");
}
}
}
}
$q = "SELECT `b`.`email`, `b`.`name` as `uname`, `b`.`id` as `uid` FROM `prefix_groupusers` `a` LEFT JOIN `prefix_user` `b` ON `a`.`uid` = `b`.`id` WHERE `a`.`gid` = '{$gid}'";
} elseif ($usrogrp == 'r') {
$q = "SELECT `email`,`id` as `uid` FROM `prefix_user` WHERE `recht` " . (isset($_POST['andhigher']) ? '<' : '') . "= '" . substr($_POST['auswahl'], 2, strlen($_POST['auswahl']) - 1) . "'";
}
$erg = db_query($q);
$zahler = 0;
if (db_num_rows($erg) > 0) {
if ($mailopm == 'E') {
$emails = array('bbc', $allgAr['adminMail']);
while ($row = db_fetch_object($erg)) {
if (!in_array($row->email, $emails) and preg_match('/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\\@([a-z0-9])' . '(([a-z0-9-])*([a-z0-9]))+' . '(\\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i', $row->email) == 1) {
$emails[] = $row->email;
$zahler++;
}
}
icmail($emails, $_POST['bet'], $_POST['txt'], '', isset($_POST['html']));
} elseif ($mailopm == 'P') {
$uids = array();
while ($row = db_fetch_object($erg)) {
$uids[] = $row->uid;
$zahler++;
}
sendpm($_SESSION['authid'], $uids, escape($_POST['bet'], 'string'), escape($_POST['txt'], 'string'), -1);
}
if ($mailopm == 'E') {
$eMailorPmsg = 'eMail(s)';
} elseif ($mailopm == 'P') {
$eMailorPmsg = 'Private Nachrichte(n)';
}
wd('admin.php?newsletter', 'Es wurde(n) ' . $zahler . ' ' . $eMailorPmsg . ' verschickt.', 5);
} else {
$erst = escape($_SESSION['authname'], 'string');
db_query("UPDATE `prefix_user` set posts = posts+1 WHERE id = " . $uid);
} else {
$erst = $xnn;
$uid = 0;
}
# topic alert ausfuehren.
$topic_alerts_abf = "SELECT\r\n prefix_topics.name as topic,\r\n prefix_user.email as email,\r\n prefix_user.name as user,\r\n prefix_user.id as uid\r\n FROM prefix_topic_alerts\r\n LEFT JOIN prefix_topics ON prefix_topics.id = prefix_topic_alerts.tid\r\n LEFT JOIN prefix_user ON prefix_user.id = prefix_topic_alerts.uid\r\n WHERE prefix_topic_alerts.tid = " . $tid;
$topic_alerts_erg = db_query($topic_alerts_abf);
while ($topic_alerts_row = db_fetch_assoc($topic_alerts_erg)) {
if ($uid == $topic_alerts_row['uid']) {
continue;
}
$page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
$text = sprintf($lang['topicalertmessage'], $topic_alerts_row['user'], $topic_alerts_row['topic'], $page, $tid);
icmail($topic_alerts_row['email'], 'neue Antwort im Thema: "' . $topic_alerts_row['topic'] . '"', $text);
debug($topic_alerts_row['email']);
}
db_query("DELETE FROM prefix_topic_alerts WHERE tid = " . $tid);
# topic alert insert wenn gewaehlt.
if (!empty($_POST['topic_alert']) and $_POST['topic_alert'] == 'yes' and loggedin()) {
if (0 == db_result(db_query("SELECT COUNT(*) FROM prefix_topic_alerts WHERE uid = " . $_SESSION['authid'] . " AND tid = " . $tid), 0)) {
db_query("INSERT INTO prefix_topic_alerts (tid,uid) VALUES (" . $tid . ", " . $_SESSION['authid'] . ")");
}
}
# topic alert ende
db_query("INSERT INTO `prefix_posts` (tid,fid,erst,erstid,time,txt) VALUES ( " . $tid . ", " . $fid . ", '" . $erst . "', " . $uid . ", " . $time . ", '" . $txt . "')");
$pid = db_last_id();
db_query("UPDATE `prefix_topics` SET last_post_id = " . $pid . ", rep = rep + 1 WHERE id = " . $tid);
db_query("UPDATE `prefix_forums` SET posts = posts + 1, last_post_id = " . $pid . " WHERE id = " . $fid);
$page = ceil(($aktTopicRow['rep'] + 2) / $allgAr['Fpanz']);
function user_regist($name, $mail, $pass)
{
global $allgAr, $lang;
$erg = db_query("SELECT id FROM prefix_user WHERE name = BINARY '" . $name . "'");
if (db_num_rows($erg) > 0) {
return false;
}
if ($allgAr['forum_regist_user_pass'] == 0) {
$new_pass = genkey(8);
} else {
$new_pass = $pass;
}
$passwordHash = user_pw_crypt($new_pass);
$confirmlinktext = '';
# confirm insert in confirm tb not confirm insert in user tb
if ($allgAr['forum_regist_confirm_link'] == 1) {
# confirm link + text ... bit of shit put it in languages file
$page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
$id = md5(uniqid(rand()));
$confirmlinktext = "\n" . $lang['registconfirm'] . "\n\n" . sprintf($lang['registconfirmlink'], $page, $id);
db_query("INSERT INTO prefix_usercheck (`check`,name,email,pass,datime,ak)\n\t\tVALUES ('" . $id . "','" . $name . "','" . $mail . "','" . $passwordHash . "',NOW(),1)");
} else {
db_query("INSERT INTO prefix_user (name,pass,recht,regist,llogin,email,status,opt_mail,opt_pm)\n\t\tVALUES('" . $name . "','" . $passwordHash . "',-1,'" . time() . "','" . time() . "','" . $mail . "',1,1,1)");
$userid = db_last_id();
}
$regmail = sprintf($lang['registemail'], $name, $confirmlinktext, $name, $new_pass);
icmail($mail, 'Anmeldung', $regmail);
# email an user
return true;
}
// email aendern
if ($_POST['email'] != $_POST['aemail']) {
$id = $_SESSION['authid'] . '||' . md5(uniqid(rand()));
db_query("INSERT INTO `prefix_usercheck` (`check`,`email`,`datime`,`ak`)\r\n VALUES ('" . $id . "','" . escape($_POST['email'], 'string') . "',NOW(),3)");
$page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
$text = $lang['changedthemail'] . sprintf($lang['registconfirmlink'], $page, $id);
icmail($_POST['email'], $lang['mail'] . ' ' . $lang['changed'], $text);
$fmsg = $lang['pleaseconfirmmail'];
}
// remove account
if (isset($_POST['removeaccount'])) {
$id = $_SESSION['authid'] . '-remove-' . md5(uniqid(rand()));
db_query("INSERT INTO `prefix_usercheck` (`check`,`email`,`datime`,`ak`)\r\n VALUES ('" . $id . "','" . escape($_POST['email'], 'string') . "',NOW(),5)");
$page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
$text = $lang['removeconfirm'] . sprintf($lang['registconfirmlink'], $page, $id);
icmail($_POST['email'], html_entity_decode($lang['removeaccount']), $text);
$fmsg = $lang['pleaseconfirmremove'];
}
// remove account
// statische felder speichern
db_query("UPDATE prefix_user\r\n\t\t\t SET\r\n homepage = '" . get_homepage(escape($_POST['homepage'], 'string')) . "',\r\n wohnort = '" . escape($_POST['wohnort'], 'string') . "',\r\n icq = '" . escape($_POST['icq'], 'string') . "',\r\n msn = '" . escape($_POST['msn'], 'string') . "',\r\n yahoo = '" . escape($_POST['yahoo'], 'string') . "',\r\n " . $avatar_sql_update . "\r\n\t\t " . $userpic_sql_update . "\r\n aim = '" . escape($_POST['aim'], 'string') . "',\r\n staat = '" . escape($_POST['staat'], 'string') . "',\r\n geschlecht = '" . escape($_POST['geschlecht'], 'string') . "',\r\n status = '" . escape($_POST['status'], 'string') . "',\r\n opt_mail = '" . escape($_POST['opt_mail'], 'string') . "',\r\n opt_pm = '" . escape($_POST['opt_pm'], 'string') . "',\r\n opt_pm_popup = '" . escape($_POST['opt_pm_popup'], 'string') . "',\r\n gebdatum = '" . get_datum(escape($_POST['gebdatum'], 'string')) . "',\r\n sig = '" . substr(escape($_POST['sig'], 'string'), 0, $allgAr['forum_max_sig']) . "'\r\n\t\t\t\tWHERE id = " . $_SESSION['authid']);
// change other profil fields
profilefields_change_save($_SESSION['authid']);
$design->header();
// definie and print msg
$fmsg = isset($fmsg) ? $fmsg : $lang['changesuccessful'];
wd('?user-8', $fmsg, 3);
}
} else {
$tpl = new tpl('user/login');
$tpl->set_out('WDLINK', '?user-8', 0);
defined('main') or die('no direct access');
$title = $allgAr['title'] . ' :: Users :: Password Reminder';
$hmenu = $extented_forum_menu . '<a class="smalfont" href="?user">Users</a><b> » </b> Password Reminder' . $extented_forum_menu_sufix;
$design = new design($title, $hmenu, 1);
$design->header();
$show = true;
if (isset($_POST['name'])) {
$name = escape($_POST['name'], 'string');
$erg = db_query("SELECT email FROM prefix_user WHERE name = BINARY '" . $name . "'");
if (db_num_rows($erg) == 1) {
$row = db_fetch_assoc($erg);
$new_pass = genkey(8);
$passwordHash = user_pw_crypt($new_pass);
$id = md5(uniqid(rand()));
db_query("INSERT INTO prefix_usercheck (`check`,name,email,pass,datime,ak)\r\n\t\tVALUES ('" . $id . "','" . $name . "','" . $row['email'] . "','" . $passwordHash . "',NOW(),2)");
$page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
$confirmlinktext = "\n" . $lang['registconfirm'] . "\n\n" . sprintf($lang['registconfirmlink'], $page, $id);
$regmail = sprintf($lang['newpasswordmail'], $name, $confirmlinktext, $new_pass);
icmail($row['email'], 'Password Reminder', $regmail);
# email an user
echo $lang['youhavereceivedaemail'];
$show = false;
} else {
echo $lang['namenotfound'];
}
}
if ($show) {
$tpl = new tpl('user/new_pass');
$tpl->out(0);
}
$design->footer();