Beispiel #1
        # E-mail change: when the submitted address differs from $_POST['aemail'], a usercheck row
        # (ak = 3) is stored and a confirmation link is mailed to the new address.
        if ($_POST['email'] != $_POST['aemail']) {
            # NOTE(review): the random part of the token is md5(uniqid(rand())) - clock plus a
            # non-cryptographic PRNG, so it is guessable. A CSPRNG such as random_bytes() is the
            # safer source for a value that authorises an account change.
            $id = $_SESSION['authid'] . '||' . md5(uniqid(rand()));
            db_query("INSERT INTO prefix_usercheck (`check`,email,datime,ak)\r\n    VALUES ('" . $id . "','" . escape($_POST['email'], 'string') . "',NOW(),3)");
            # NOTE(review): the link host comes from the request's Host header, which the client
            # controls; a configured site URL would keep the mailed link on the real site.
            $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
            $text = $lang['changedthemail'] . sprintf($lang['registconfirmlink'], $page, $id);
            icmail($_POST['email'], $lang['mail'] . ' ' . $lang['changed'], $text);
            $fmsg = $lang['pleaseconfirmmail'];
        }
        #
        # remove account: store a usercheck row (ak = 5) and mail the confirmation link.
        # NOTE(review): the link is mailed to the submitted $_POST['email'], not to an address read
        # from prefix_user in this excerpt, so holding the session is enough to receive it -
        # confirm the confirm step checks the stored address.
        if (isset($_POST['removeaccount'])) {
            # Same token construction as above; see the note on md5(uniqid(rand())).
            $id = $_SESSION['authid'] . '-remove-' . md5(uniqid(rand()));
            db_query("INSERT INTO prefix_usercheck (`check`,email,datime,ak)\r\n    VALUES ('" . $id . "','" . escape($_POST['email'], 'string') . "',NOW(),5)");
            $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
            $text = $lang['removeconfirm'] . sprintf($lang['registconfirmlink'], $page, $id);
            icmail($_POST['email'], html_entity_decode($lang['removeaccount'], ILCH_ENTITIES_FLAGS, ILCH_CHARSET), $text);
            $fmsg = $lang['pleaseconfirmremove'];
        }
        # end of remove account
        # save the static profile fields
        # NOTE(review): sig is cut with substr() AFTER escape(). If escape() backslash-escapes
        # quotes, a cut inside an escape sequence can leave a dangling backslash in front of the
        # closing quote and break the statement; truncate first, then escape.
        # NOTE(review): $avatar_sql_update and $_SESSION['authid'] are concatenated as-is; both are
        # built outside this excerpt - confirm neither can carry user-controlled SQL.
        db_query("UPDATE prefix_user\r\n\t\t\t  SET\r\n          homepage = '" . get_homepage(escape($_POST['homepage'], 'string')) . "',\r\n          wohnort = '" . escape($_POST['wohnort'], 'string') . "',\r\n          icq = '" . escape($_POST['icq'], 'string') . "',\r\n          msn = '" . escape($_POST['msn'], 'string') . "',\r\n          yahoo = '" . escape($_POST['yahoo'], 'string') . "',\r\n          " . $avatar_sql_update . "\r\n          aim = '" . escape($_POST['aim'], 'string') . "',\r\n          staat = '" . escape($_POST['staat'], 'string') . "',\r\n          geschlecht = '" . escape($_POST['geschlecht'], 'string') . "',\r\n          status = '" . escape($_POST['status'], 'string') . "',\r\n          opt_mail = '" . escape($_POST['opt_mail'], 'string') . "',\r\n          opt_pm = '" . escape($_POST['opt_pm'], 'string') . "',\r\n          opt_pm_popup = '" . escape($_POST['opt_pm_popup'], 'string') . "',\r\n          gebdatum = '" . get_datum(escape($_POST['gebdatum'], 'string')) . "',\r\n          sig = '" . substr(escape($_POST['sig'], 'string'), 0, $allgAr['forum_max_sig']) . "'\r\n\t\t\t\tWHERE id = " . $_SESSION['authid']);
        # save the other (dynamic) profile fields
        profilefields_change_save($_SESSION['authid']);
        $design->header();
        # pick the message: a pending-confirmation notice if one was set above, else the success text
        $fmsg = isset($fmsg) ? $fmsg : $lang['changesuccessful'];
        wd('?user-8', $fmsg, 3);
    }
} else {
    # Other branch of a condition that opens above this excerpt: render the login template.
    $tpl = new tpl('user/login');
    $tpl->set_out('WDLINK', '?user-8', 0);
Beispiel #2
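		  <td class="Cmite">Deine eMail</td>
			<td class="Cnorm"><input type="text" name="email" value="<?php 
    // The posted value is echoed back into an attribute: HTML-encode it (quotes included) so it
    // is rendered as text and cannot close the attribute or add markup.
    echo htmlspecialchars((string) $_POST['email'], ENT_QUOTES);
    ?>
"></td>
		</tr><tr class="Cnorm">
		  <td class="Cmite" v>Nachricht</td>
		  <td class="Cnorm"><textarea cols="40" rows="10" name="txt"><?php 
    // Same for the message body: encoded so a posted "</textarea>" stays inside the field.
    echo htmlspecialchars((string) $_POST['txt'], ENT_QUOTES);
    ?>
</textarea></td>
		</tr><tr class="Cdark">
		  <td></td>
			<td><input type="submit" name="send" value="<?php 
    // Button label from the language table (not request data).
    echo $lang['formsub'];
    ?>
"></td>
    </tr>
  </table></form>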
  <?php 
} else {
    // Send branch (the matching condition opens above this excerpt).
    // Record the time of this send in the session.
    $_SESSION['klicktime'] = time();
    // Mail only when the recipient row has opt_mail set to 1.
    if (1 == $row['opt_mail']) {
        // NOTE(review): subject and body are request data with only strip_tags() applied, and the
        // sender header is built from $_POST['email'] via escape_for_email(). Whether CR/LF is
        // removed from these values depends on escape_for_email() and icmail(), which are
        // outside this excerpt - confirm, since they end up in mail headers.
        icmail($row['email'], strip_tags($_POST['bet']), strip_tags($_POST['txt']), 'SeitenKontakt <' . escape_for_email($_POST['email']) . '>');
        wd('index.php?forum', 'Die eMail wurde erfolgreich versendet');
    } else {
        // NOTE(review): $allAr is not defined in this excerpt and looks like a typo for $allgAr;
        // as written the redirect target would end in an empty query string - confirm.
        header('location: index.php?' . $allAr['smodul']);
        exit;
    }
}
$design->footer();
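// Password reminder, looked up by e-mail address. On exactly one match a new password is
// generated, stored in prefix_usercheck (ak = 2) together with a confirmation token, and the
// password plus the confirmation link are mailed to that address.
defined('main') or die('no direct access');
$title = $allgAr['title'] . ' :: Users :: Password Reminder';
$hmenu = $extented_forum_menu . '<a class="smalfont" href="?user">Users</a><b> &raquo; </b> Password Reminder' . $extented_forum_menu_sufix;
$design = new design($title, $hmenu, 1);
$design->header();
$show = true;
if (isset($_POST['email'])) {
    $email = get_lower(escape($_POST['email'], 'string'));
    $erg = db_query("SELECT `name` FROM `prefix_user` WHERE `email` = BINARY '" . $email . "'");
    if (db_num_rows($erg) == 1) {
        $row = db_fetch_assoc($erg);
        $new_pass = genkey(8);
        // NOTE(review): unsalted MD5 is not a password hash. The stored format is consumed by
        // code outside this excerpt, so it is left unchanged here; moving to a salted, slow hash
        // (password_hash()) has to happen together with the login check.
        $md5_pass = md5($new_pass);
        // Confirmation token: 32 hex characters, same shape as before. Taken from the CSPRNG
        // when the runtime has one, because md5(uniqid(rand())) is derived from the clock and a
        // non-cryptographic PRNG and is guessable; the old expression remains as the fallback.
        $id = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid(rand()));
        // NOTE(review): $row['name'] is read back from the database and concatenated without
        // escaping; a stored name containing a quote would change this statement. Escape it or
        // use a prepared statement.
        db_query("INSERT INTO `prefix_usercheck` (`check`,`name`,`email`,`pass`,`datime`,`ak`)\n\t\tVALUES ('" . $id . "','" . $row['name'] . "','" . $email . "','" . $md5_pass . "',NOW(),2)");
        // NOTE(review): the host in the mailed link comes from the request's Host header, which
        // the requester controls; build the link from a configured site URL instead.
        $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
        $confirmlinktext = "\n" . $lang['registconfirm'] . "\n\n" . sprintf($lang['registconfirmlink'], $page, $id);
        // The mail text carries the new password in clear text next to the confirmation link.
        $regmail = sprintf($lang['newpasswordmail'], $row['name'], $confirmlinktext, $new_pass);
        // e-mail to the user
        icmail($email, 'Password Reminder', $regmail);
        echo $lang['youhavereceivedaemail'];
        $show = false;
    } else {
        // NOTE(review): a different message for "no match" lets a requester test which addresses
        // are registered; a single neutral response avoids that.
        echo $lang['namenotfound'];
    }
}
// Show the request form unless a reminder was just sent.
if ($show) {
    $tpl = new tpl('user/new_pass');
    $tpl->out(0);
}
$design->footer();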
Beispiel #4
    // Contact form handler (the enclosing condition and $name / $k are set above this excerpt).
    // Header-bound fields pass through escape_for_email(); the body is taken as posted.
    $mail = escape_for_email($_POST['mail']);
    $subject = escape_for_email($_POST['subject'], true);
    $wer = escape_for_email($_POST['wer']);
    $text = $_POST['txt'];
    $wero = FALSE;
    // Resolve the recipient: the form submits a hash, and the address actually used is the first
    // '|'-separated field of the matching $k entry, so the recipient is never taken from the
    // request itself.
    foreach ($k as $a) {
        $e = explode('|', $a);
        // NOTE(review): '==' between two hex strings is subject to PHP's numeric-string
        // comparison (digests of the form "0e<digits>" compare equal); '===' or hash_equals()
        // compares the strings exactly.
        if (md5($e[0]) == $wer) {
            $wero = TRUE;
            $wer = $e[0];
            break;
        }
    }
    // Plausibility checks before sending: body must not contain the two literal header names,
    // the address must contain '@', a recipient must have matched, lengths are capped, and name,
    // address and body must be pairwise different.
    // NOTE(review): strpos() is case-sensitive and only $text is checked; $name is placed in the
    // sender header below and its sanitisation is outside this excerpt - confirm CR/LF cannot
    // reach icmail() through it.
    if (strpos($text, 'Content-Type:') === FALSE and strpos($text, 'MIME-Version:') === FALSE and strpos($mail, '@') !== FALSE and $wero === TRUE and strlen($name) <= 30 and strlen($mail) <= 30 and strlen($text) <= 5000 and $mail != $name and $name != $text and $text != $mail) {
        $subject = "Kontakt: " . $subject;
        if (icmail($wer, $subject, $text, $name . " <" . $mail . ">")) {
            echo $lang['emailsuccessfullsend'];
        } else {
            echo 'Der Server konnte die Mail nicht versenden, teilen sie dies ggf. einem Administrator mit.';
        }
        // Clear the fields after the send attempt.
        $name = '';
        $mail = '';
        $subject = '';
        $wer = '';
        $text = '';
    } else {
        echo $lang['emailcouldnotsend'];
    }
}
// Render the contact form template.
$tpl = new tpl('contact.htm');
$tpl->out(0);
Beispiel #5
         // Create a user from the posted form (the surrounding conditions open above this excerpt).
         $new_pass = $_POST['pass'];
         $passwordHash = user_pw_crypt($new_pass);
         // NOTE(review): $_POST['name'], $_POST['recht'] and $_POST['email'] are concatenated
         // into the INSERT with no escaping or casting visible here, and recht is not even
         // quoted. Unless they are sanitised above this excerpt the statement is injectable:
         // escape the strings, cast recht to an integer, or use a prepared statement.
         db_query("INSERT INTO prefix_user (name,pass,recht,regist,llogin,email)\r\n\t\t    VALUES('" . $_POST['name'] . "','" . $passwordHash . "'," . $_POST['recht'] . ",'" . time() . "','" . time() . "','" . $_POST['email'] . "')");
         $userid = db_last_id();
         // Two default userfields rows (fid 2 and 3, value '1') for the new account.
         db_query("INSERT INTO prefix_userfields (uid,fid,val) VALUES (" . $userid . ",2,'1')");
         db_query("INSERT INTO prefix_userfields (uid,fid,val) VALUES (" . $userid . ",3,'1')");
         // Optional notification mail to the new user.
         if (isset($_POST['info'])) {
             // NOTE(review): the link host is taken from the request's Host header; a configured
             // site URL would not depend on what the client sent.
             $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
             // The request came through admin.php; the mailed link should point at index.php.
             $page = str_replace('admin.php', 'index.php', $page);
             $tpl = new tpl('user/new_user_email', 1);
             $tpl->set('name', $_POST['name']);
             // NOTE(review): the clear-text password is handed to the mail template.
             $tpl->set('pass', $_POST['pass']);
             $tpl->set('page', $page);
             $txt = $tpl->get(0);
             unset($tpl);
             icmail($_POST['email'], 'Admin hat dich angelegt', $txt);
         }
         $msg = 'Benutzer angelegt <a href="javascript:closeThisWindow()">Fenster schließen</a>';
     }
 }
 // Defaults for the form fields, overwritten with the posted values when present.
 $pass = '';
 $email = '';
 $recht = '';
 if (isset($_POST['pass'])) {
     $pass = $_POST['pass'];
 }
 if (isset($_POST['email'])) {
     $email = $_POST['email'];
 }
 if (isset($_POST['recht'])) {
     $recht = $_POST['recht'];
Beispiel #6
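/**
 * Stores a private message for one or more recipients and sends an e-mail notice to each
 * recipient who has no other message newer than their last login.
 *
 * $ti and $te are placed into the INSERT unchanged, so callers must pass them already escaped
 * for SQL. The numeric arguments are cast to integers here because they are concatenated into
 * the statements without quotes.
 *
 * @param int       $sid    value for the `sid` column (the sending user's id)
 * @param int|array $eid    one recipient id or a list of recipient ids
 * @param string    $ti     message title, SQL-escaped by the caller
 * @param string    $te     message text, SQL-escaped by the caller
 * @param int       $status value for the `status` column
 * @return void
 */
function sendpm($sid, $eid, $ti, $te, $status = 0)
{
    // NOTE(review): the host in the mailed link comes from the request's Host header, which the
    // client controls; a configured site URL would be the safer source.
    $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
    // Accept a single id as well as a list.
    if (!is_array($eid)) {
        $eid = array($eid);
    }
    // Unquoted in the SQL below, so force them to integers.
    $sid = (int) $sid;
    $status = (int) $status;
    // Walk through all recipients.
    foreach ($eid as $empf) {
        $empf = (int) $empf;
        // Write the message and remember its id.
        db_query("INSERT INTO `prefix_pm` (`sid`,`eid`,`time`,`titel`,`txt`,`status`) VALUES (" . $sid . "," . $empf . ",'" . time() . "','" . $ti . "','" . $te . "'," . $status . ")");
        $last_id = db_last_id();
        // Look for other messages to this recipient that were sent after their last login.
        $erg = db_query("SELECT `b`.`time` FROM `prefix_user` AS `a` LEFT JOIN `prefix_pm` AS `b` ON `a`.`id` = `b`.`eid` AND `b`.`id` != " . $last_id . " WHERE `a`.`id` = " . $empf . " AND `a`.`llogin` < `b`.`time`");
        // None found: this is the first unseen message, so notify by e-mail.
        if (db_num_rows($erg) == 0) {
            // Fetch the address and send the notice.
            $mail = db_result(db_query("SELECT `email` FROM `prefix_user` WHERE `id` = " . $empf), 0);
            if (!empty($mail)) {
                icmail($mail, "Du hast eine neue Nachricht", "Hallo,\ndu hast eben eine Neue Nachricht mit dem Betreff '" . $ti . "' bekommen. Diese Nachricht kannst du nun unter folgender Adresse mit Deinen Logindaten aufrufen: " . $page . "?forum-privmsg-showmsg-" . $last_id . "\n\nWir wünschen Dir noch einen schönen Tag!");
            }
        }
    }
}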
Beispiel #7
     // Recipients by group. NOTE(review): $gid is interpolated into the statement; where it
     // comes from and whether it is cast is outside this excerpt - confirm.
     $q = "SELECT `b`.`email`, `b`.`name` as `uname`, `b`.`id` as `uid` FROM `prefix_groupusers` `a` LEFT JOIN `prefix_user` `b` ON `a`.`uid` = `b`.`id` WHERE `a`.`gid` = '{$gid}'";
 } elseif ($usrogrp == 'r') {
     // Recipients by rights level ("<=" when 'andhigher' is posted, "=" otherwise).
     // NOTE(review): the value compared against `recht` is a substring of $_POST['auswahl']
     // with no escaping or integer cast, so request data reaches the SQL text directly; cast
     // it to an integer before building the query.
     $q = "SELECT `email`,`id` as `uid` FROM `prefix_user` WHERE `recht` " . (isset($_POST['andhigher']) ? '<' : '') . "= '" . substr($_POST['auswahl'], 2, strlen($_POST['auswahl']) - 1) . "'";
 }
 $erg = db_query($q);
 // Counts the recipients that were actually addressed.
 $zahler = 0;
 if (db_num_rows($erg) > 0) {
     if ($mailopm == 'E') {
         // E-mail mode: the list starts with 'bbc' and the admin address.
         // NOTE(review): 'bbc' is presumably a marker icmail() interprets (blind copy?) -
         // confirm against icmail(), which is outside this excerpt.
         $emails = array('bbc', $allgAr['adminMail']);
         while ($row = db_fetch_object($erg)) {
             // Skip duplicates and anything that does not match the address pattern.
             if (!in_array($row->email, $emails) and preg_match('/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\\@([a-z0-9])' . '(([a-z0-9-])*([a-z0-9]))+' . '(\\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i', $row->email) == 1) {
                 $emails[] = $row->email;
                 $zahler++;
             }
         }
         // Subject and body are passed as posted; the last argument is true when 'html' is posted.
         icmail($emails, $_POST['bet'], $_POST['txt'], '', isset($_POST['html']));
     } elseif ($mailopm == 'P') {
         // Private-message mode: collect the user ids.
         $uids = array();
         while ($row = db_fetch_object($erg)) {
             $uids[] = $row->uid;
             $zahler++;
         }
         // Title and text go through escape() before being handed to sendpm(); status is -1.
         sendpm($_SESSION['authid'], $uids, escape($_POST['bet'], 'string'), escape($_POST['txt'], 'string'), -1);
     }
     // Label for the result message.
     // NOTE(review): $eMailorPmsg stays undefined when $mailopm is neither 'E' nor 'P'.
     if ($mailopm == 'E') {
         $eMailorPmsg = 'eMail(s)';
     } elseif ($mailopm == 'P') {
         $eMailorPmsg = 'Private Nachrichte(n)';
     }
     wd('admin.php?newsletter', 'Es wurde(n) ' . $zahler . ' ' . $eMailorPmsg . ' verschickt.', 5);
 } else {
Beispiel #8
     # Logged-in author (the condition opens above this excerpt): take the name from the
     # session and increase the post counter.
     $erst = escape($_SESSION['authname'], 'string');
     db_query("UPDATE `prefix_user` set posts = posts+1 WHERE id = " . $uid);
 } else {
     # Otherwise use the supplied name and user id 0.
     $erst = $xnn;
     $uid = 0;
 }
 # Run the topic alerts: mail every subscriber of this topic except the author.
 # NOTE(review): $tid (and $fid, $uid, $time, $txt, $erst further down) are concatenated into
 # SQL here; where they are cast or escaped is outside this excerpt - confirm each one.
 $topic_alerts_abf = "SELECT\r\n      prefix_topics.name as topic,\r\n      prefix_user.email as email,\r\n      prefix_user.name as user,\r\n      prefix_user.id as uid\r\n    FROM prefix_topic_alerts\r\n      LEFT JOIN prefix_topics ON prefix_topics.id = prefix_topic_alerts.tid\r\n      LEFT JOIN prefix_user   ON prefix_user.id   = prefix_topic_alerts.uid\r\n    WHERE prefix_topic_alerts.tid = " . $tid;
 $topic_alerts_erg = db_query($topic_alerts_abf);
 while ($topic_alerts_row = db_fetch_assoc($topic_alerts_erg)) {
     # Do not notify the person who just posted.
     if ($uid == $topic_alerts_row['uid']) {
         continue;
     }
     # NOTE(review): the host in the mailed link comes from the request's Host header.
     $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
     $text = sprintf($lang['topicalertmessage'], $topic_alerts_row['user'], $topic_alerts_row['topic'], $page, $tid);
     icmail($topic_alerts_row['email'], 'neue Antwort im Thema: "' . $topic_alerts_row['topic'] . '"', $text);
     # NOTE(review): every subscriber address is passed to debug(); what debug() does with it is
     # not visible here - confirm it does not reach page output or logs in production.
     debug($topic_alerts_row['email']);
 }
 # Alerts are one-shot: all subscriptions for this topic are removed after the run.
 db_query("DELETE FROM prefix_topic_alerts WHERE tid = " . $tid);
 # Re-subscribe the current user when the form asks for it and no row exists yet.
 if (!empty($_POST['topic_alert']) and $_POST['topic_alert'] == 'yes' and loggedin()) {
     if (0 == db_result(db_query("SELECT COUNT(*) FROM prefix_topic_alerts WHERE uid = " . $_SESSION['authid'] . " AND tid = " . $tid), 0)) {
         db_query("INSERT INTO prefix_topic_alerts (tid,uid) VALUES (" . $tid . ", " . $_SESSION['authid'] . ")");
     }
 }
 # end of topic alert
 # Store the post, then update the topic and forum counters and last-post pointers.
 db_query("INSERT INTO `prefix_posts` (tid,fid,erst,erstid,time,txt) VALUES ( " . $tid . ", " . $fid . ", '" . $erst . "', " . $uid . ", " . $time . ", '" . $txt . "')");
 $pid = db_last_id();
 db_query("UPDATE `prefix_topics` SET last_post_id = " . $pid . ", rep = rep + 1 WHERE id = " . $tid);
 db_query("UPDATE `prefix_forums` SET posts = posts + 1, last_post_id = " . $pid . " WHERE id = " . $fid);
 # $page is reused here as a page number computed from the reply count and $allgAr['Fpanz'].
 $page = ceil(($aktTopicRow['rep'] + 2) / $allgAr['Fpanz']);
Beispiel #9
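/**
 * Registers a user, either directly in prefix_user or, when confirmation links are enabled,
 * as a pending row in prefix_usercheck, and mails the registration text to $mail.
 *
 * NOTE(review): $name and $mail are concatenated into SQL unchanged, so this is only safe if
 * every caller passes them already escaped for SQL - confirm at the call sites.
 *
 * @param string $name requested user name
 * @param string $mail e-mail address of the new user
 * @param string $pass chosen password; ignored when $allgAr['forum_regist_user_pass'] is 0
 * @return bool false when the name is already taken, true otherwise (the result of icmail()
 *              is not checked)
 */
function user_regist($name, $mail, $pass)
{
    global $allgAr, $lang;
    $erg = db_query("SELECT id FROM prefix_user WHERE name = BINARY '" . $name . "'");
    if (db_num_rows($erg) > 0) {
        return false;
    }
    # generate a password unless users are allowed to choose their own
    if ($allgAr['forum_regist_user_pass'] == 0) {
        $new_pass = genkey(8);
    } else {
        $new_pass = $pass;
    }
    $passwordHash = user_pw_crypt($new_pass);
    $confirmlinktext = '';
    # with confirmation enabled the account goes into the check table, not the user table
    if ($allgAr['forum_regist_confirm_link'] == 1) {
        # NOTE(review): the host in the confirmation link comes from the request's Host header,
        # which the client controls; a configured site URL would be the safer source.
        $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
        # Confirmation token: 32 hex characters, same shape as before. Taken from the CSPRNG when
        # the runtime has one, because md5(uniqid(rand())) is built from the clock and a
        # non-cryptographic PRNG and is guessable; the old expression remains as the fallback.
        $id = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid(rand()));
        $confirmlinktext = "\n" . $lang['registconfirm'] . "\n\n" . sprintf($lang['registconfirmlink'], $page, $id);
        db_query("INSERT INTO prefix_usercheck (`check`,name,email,pass,datime,ak)\n\t\tVALUES ('" . $id . "','" . $name . "','" . $mail . "','" . $passwordHash . "',NOW(),1)");
    } else {
        db_query("INSERT INTO prefix_user (name,pass,recht,regist,llogin,email,status,opt_mail,opt_pm)\n\t\tVALUES('" . $name . "','" . $passwordHash . "',-1,'" . time() . "','" . time() . "','" . $mail . "',1,1,1)");
        # not used further in this function
        $userid = db_last_id();
    }
    # e-mail to the user; the text includes the clear-text password
    $regmail = sprintf($lang['registemail'], $name, $confirmlinktext, $name, $new_pass);
    icmail($mail, 'Anmeldung', $regmail);
    return true;
}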
Beispiel #10
        // change e-mail: when the submitted address differs from $_POST['aemail'], a usercheck
        // row (ak = 3) is stored and a confirmation link is mailed to the new address.
        if ($_POST['email'] != $_POST['aemail']) {
            // NOTE(review): the random part of the token is md5(uniqid(rand())) - clock plus a
            // non-cryptographic PRNG, so it is guessable. A CSPRNG such as random_bytes() is the
            // safer source for a value that authorises an account change.
            $id = $_SESSION['authid'] . '||' . md5(uniqid(rand()));
            db_query("INSERT INTO `prefix_usercheck` (`check`,`email`,`datime`,`ak`)\r\n    VALUES ('" . $id . "','" . escape($_POST['email'], 'string') . "',NOW(),3)");
            // NOTE(review): the link host comes from the request's Host header, which the client
            // controls; a configured site URL would keep the mailed link on the real site.
            $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
            $text = $lang['changedthemail'] . sprintf($lang['registconfirmlink'], $page, $id);
            icmail($_POST['email'], $lang['mail'] . ' ' . $lang['changed'], $text);
            $fmsg = $lang['pleaseconfirmmail'];
        }
        // remove account: store a usercheck row (ak = 5) and mail the confirmation link.
        // NOTE(review): the link is mailed to the submitted $_POST['email'], not to an address
        // read from prefix_user in this excerpt, so holding the session is enough to receive
        // it - confirm the confirm step checks the stored address.
        if (isset($_POST['removeaccount'])) {
            // Same token construction as above; see the note on md5(uniqid(rand())).
            $id = $_SESSION['authid'] . '-remove-' . md5(uniqid(rand()));
            db_query("INSERT INTO `prefix_usercheck` (`check`,`email`,`datime`,`ak`)\r\n    VALUES ('" . $id . "','" . escape($_POST['email'], 'string') . "',NOW(),5)");
            $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
            $text = $lang['removeconfirm'] . sprintf($lang['registconfirmlink'], $page, $id);
            icmail($_POST['email'], html_entity_decode($lang['removeaccount']), $text);
            $fmsg = $lang['pleaseconfirmremove'];
        }
        // end of remove account
        // save the static profile fields
        // NOTE(review): sig is cut with substr() AFTER escape(). If escape() backslash-escapes
        // quotes, a cut inside an escape sequence can leave a dangling backslash in front of the
        // closing quote and break the statement; truncate first, then escape.
        // NOTE(review): $avatar_sql_update, $userpic_sql_update and $_SESSION['authid'] are
        // concatenated as-is; all are built outside this excerpt - confirm none can carry
        // user-controlled SQL.
        db_query("UPDATE prefix_user\r\n\t\t\t  SET\r\n          homepage = '" . get_homepage(escape($_POST['homepage'], 'string')) . "',\r\n          wohnort = '" . escape($_POST['wohnort'], 'string') . "',\r\n          icq = '" . escape($_POST['icq'], 'string') . "',\r\n          msn = '" . escape($_POST['msn'], 'string') . "',\r\n          yahoo = '" . escape($_POST['yahoo'], 'string') . "',\r\n          " . $avatar_sql_update . "\r\n\t\t  " . $userpic_sql_update . "\r\n          aim = '" . escape($_POST['aim'], 'string') . "',\r\n          staat = '" . escape($_POST['staat'], 'string') . "',\r\n          geschlecht = '" . escape($_POST['geschlecht'], 'string') . "',\r\n          status = '" . escape($_POST['status'], 'string') . "',\r\n          opt_mail = '" . escape($_POST['opt_mail'], 'string') . "',\r\n          opt_pm = '" . escape($_POST['opt_pm'], 'string') . "',\r\n          opt_pm_popup = '" . escape($_POST['opt_pm_popup'], 'string') . "',\r\n          gebdatum = '" . get_datum(escape($_POST['gebdatum'], 'string')) . "',\r\n          sig = '" . substr(escape($_POST['sig'], 'string'), 0, $allgAr['forum_max_sig']) . "'\r\n\t\t\t\tWHERE id = " . $_SESSION['authid']);
        // save the other (dynamic) profile fields
        profilefields_change_save($_SESSION['authid']);
        $design->header();
        // pick the message: a pending-confirmation notice if one was set above, else the success text
        $fmsg = isset($fmsg) ? $fmsg : $lang['changesuccessful'];
        wd('?user-8', $fmsg, 3);
    }
} else {
    // Other branch of a condition that opens above this excerpt: render the login template.
    $tpl = new tpl('user/login');
    $tpl->set_out('WDLINK', '?user-8', 0);
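// Password reminder, looked up by user name. On exactly one match a new password is generated,
// its hash is stored in prefix_usercheck (ak = 2) together with a confirmation token, and the
// password plus the confirmation link are mailed to the account's address.
defined('main') or die('no direct access');
$title = $allgAr['title'] . ' :: Users :: Password Reminder';
$hmenu = $extented_forum_menu . '<a class="smalfont" href="?user">Users</a><b> &raquo; </b> Password Reminder' . $extented_forum_menu_sufix;
$design = new design($title, $hmenu, 1);
$design->header();
$show = true;
if (isset($_POST['name'])) {
    $name = escape($_POST['name'], 'string');
    $erg = db_query("SELECT email FROM prefix_user WHERE name = BINARY '" . $name . "'");
    if (db_num_rows($erg) == 1) {
        $row = db_fetch_assoc($erg);
        $new_pass = genkey(8);
        $passwordHash = user_pw_crypt($new_pass);
        # Confirmation token: 32 hex characters, same shape as before. Taken from the CSPRNG when
        # the runtime has one, because md5(uniqid(rand())) is built from the clock and a
        # non-cryptographic PRNG and is guessable; the old expression remains as the fallback.
        $id = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid(rand()));
        # NOTE(review): $row['email'] is read back from the database and concatenated without
        # escaping; a stored value containing a quote would change this statement. Escape it or
        # use a prepared statement.
        db_query("INSERT INTO prefix_usercheck (`check`,name,email,pass,datime,ak)\r\n\t\tVALUES ('" . $id . "','" . $name . "','" . $row['email'] . "','" . $passwordHash . "',NOW(),2)");
        # NOTE(review): the host in the mailed link comes from the request's Host header, which
        # the requester controls; build the link from a configured site URL instead.
        $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
        $confirmlinktext = "\n" . $lang['registconfirm'] . "\n\n" . sprintf($lang['registconfirmlink'], $page, $id);
        # The mail text carries the new password in clear text next to the confirmation link.
        $regmail = sprintf($lang['newpasswordmail'], $name, $confirmlinktext, $new_pass);
        # e-mail to the user
        icmail($row['email'], 'Password Reminder', $regmail);
        echo $lang['youhavereceivedaemail'];
        $show = false;
    } else {
        # NOTE(review): a different message for "no match" lets a requester test which user names
        # exist; a single neutral response avoids that.
        echo $lang['namenotfound'];
    }
}
# Show the request form unless a reminder was just sent.
if ($show) {
    $tpl = new tpl('user/new_pass');
    $tpl->out(0);
}
$design->footer();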