Beispiel #1
/**
 * Admin-panel handler: on POST changes the password and/or e-mail of the user
 * named $iname; on any other request method prints the change form.
 *
 * NOTE(review): two statements in this listing are truncated by a '******' run
 * (the class lookup at the top of the POST branch and the UPDATE further down),
 * so the privilege check and the UPDATE's WHERE clause cannot be reviewed here.
 *
 * @param string $iname user name of the account to modify
 * @param string $ipass new password; skipped when empty()
 * @param string $imail new e-mail; applied only when non-empty and validemail() accepts it
 */
function iUsers($iname, $ipass, $imail)
{
    global $admin_file, $CURUSER;
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        // Looks up the target's class; the comparison against the acting admin is in the
        // truncated part. The message text concatenates $iname as-is.
        list($iclass) = mysql_fetch_row(sql_query('SELECT class FROM users WHERE username = '******'Администратор ' . $CURUSER['username'] . ' пробовал изменить учетные данные пользователя ' . $iname . ' классом выше!', 'red', 'error');
        } else {
            // SET fragments are collected here; every value goes through sqlesc().
            $updateset = array();
            if (!empty($ipass)) {
                // NOTE(review): salted MD5 is a fast hash and not suitable for password storage.
                // Moving to password_hash()/password_verify() has to be coordinated with the
                // login code, which is not part of this listing.
                $secret = mksecret();
                $hash = md5($secret . $ipass . $secret);
                $updateset[] = "secret = " . sqlesc($secret);
                $updateset[] = "passhash = " . sqlesc($hash);
            }
            if (!empty($imail) && validemail($imail)) {
                $updateset[] = "email = " . sqlesc($imail);
            }
            if (count($updateset)) {
                // The WHERE value and the failure branch are lost to the '******' truncation.
                $res = sql_query("UPDATE users SET " . implode(", ", $updateset) . " WHERE username = "******"Ошибка", "Смена пароля завершилась неудачей! Возможно указано несуществующее имя пользователя.", "error");
            } else {
                // NOTE(review): the success message echoes the new password in clear text and
                // concatenates $iname / $imail into a string that already contains markup (<br />).
                // stdmsg() is not visible here; unless it escapes its arguments these values
                // should pass through htmlspecialchars() first.
                // It also reports $imail whenever it is non-empty, even if validemail()
                // rejected it above and no e-mail was written.
                stdmsg("Изменения пользователя прошло успешно", "Имя пользователя: " . $iname . (!empty($hash) ? "<br />Новый пароль: " . $ipass : "") . (!empty($imail) ? "<br />Новая почта: " . $imail : ""));
            }
        }
    } else {
        // NOTE(review): the form carries no anti-CSRF token; a state-changing admin POST
        // should include one and verify it in the POST branch. $admin_file is written into
        // the action attribute without escaping — confirm it is a fixed server-side value.
        echo "<form method=\"post\" action=\"" . $admin_file . ".php?op=iUsers\">" . "<table border=\"0\" cellspacing=\"0\" cellpadding=\"3\">" . "<tr><td class=\"colhead\" colspan=\"2\">Смена пароля</td></tr>" . "<tr>" . "<td><b>Пользователь</b></td>" . "<td><input name=\"iname\" type=\"text\"></td>" . "</tr>" . "<tr>" . "<td><b>Новый пароль</b></td>" . "<td><input name=\"ipass\" type=\"password\"></td>" . "</tr>" . "<tr>" . "<td><b>Новая почта</b></td>" . "<td><input name=\"imail\" type=\"text\"></td>" . "</tr>" . "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"isub\" value=\"Сделать\"></td></tr>" . "</table>" . "<input type=\"hidden\" name=\"op\" value=\"iUsers\" />" . "</form>";
    }
}
Beispiel #2
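 /**
  * Inserts a pre-confirmed user row with a freshly salted password hash.
  *
  * Caller-supplied values are escaped before they reach the statement, and the
  * statement is no longer printed: it contains the salt and the password hash.
  * The invited_by column is not written, because nothing in this method defines
  * an invite type or an inviter.
  *
  * @param string $username login name for the new account
  * @param string $password clear-text password; only its salted hash is stored
  * @param string $email    e-mail address for the new account
  */
 public static function activate($username, $password, $email)
 {
     dbconn();
     $secret = mksecret();
     // NOTE(review): salted MD5 is a fast hash and not suitable for password storage;
     // switching to password_hash() must be done together with the login check.
     $wantpasshash = md5($secret . $password . $secret);
     // One timestamp for both columns so added and last_access cannot differ.
     $now = date("Y-m-d H:i:s");
     // Assumes the project's sqlesc() helper (quotes and escapes one value) is loaded
     // together with sql_query()/mksecret() — TODO confirm.
     $values = array(
         sqlesc($username),
         sqlesc($wantpasshash),
         sqlesc($secret),
         "' '",
         sqlesc($email),
         '8',
         "'N/A'",
         "'confirmed'",
         '1',
         '0',
         "'" . $now . "'",
         "'" . $now . "'",
         '25',
         '3',
         '0',
     );
     $query = "INSERT INTO users (username, passhash, secret, editsecret, email, country, gender, status, class, invites,"
         . " added, last_access, lang, stylesheet, uploaded) VALUES (" . implode(", ", $values) . ")";
     sql_query($query) or sqlerr(__FILE__, __LINE__);
 }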
Beispiel #3
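/**
 * Generates a 15-character random password made of lowercase hexadecimal digits.
 *
 * The characters come from the operating system's CSPRNG via random_bytes()
 * (PHP 7+). mt_rand() and uniqid() are predictable generators and must not be
 * used for passwords; the call also no longer sleeps or reseeds the global
 * mt_rand() state.
 *
 * @return string 15 characters from [0-9a-f] (60 bits of randomness)
 * @throws Exception when the platform cannot provide secure random bytes
 */
function make_password()
{
    // 8 random bytes encode to 16 hex digits; the first 15 keep the original length.
    return substr(bin2hex(random_bytes(8)), 0, 15);
}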
Beispiel #4
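/**
 * Creates the initial "coder" account (class 8) from the submitted form fields
 * coderuser, codermail, coderpass and coderpass2, then the "System" account with id 2.
 *
 * Terminates the request with die() when a field is missing or not a string, or when
 * the two password fields differ.
 *
 * NOTE(review): the result of neither INSERT is checked, so a failed insert goes
 * unreported. Salted MD5 is a fast hash and not suitable for password storage;
 * replacing it has to be coordinated with the login check.
 */
function insert_coder()
{
    // A missing key or an array value (coderpass[]=...) would otherwise reach
    // md5()/sqlesc() as null or as the string "Array".
    foreach (array('coderuser', 'codermail', 'coderpass', 'coderpass2') as $field) {
        if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
            die('error:  The coder form is incomplete!');
        }
    }
    // Strict comparison: with != two different numeric-looking strings
    // (for example "1e3" and "1000") are treated as equal.
    if ($_POST['coderpass'] !== $_POST['coderpass2']) {
        die('error:  The coder passwords do not match!');
    }
    $username = $_POST['coderuser'];
    $usermail = $_POST['codermail'];
    $secret = mksecret();
    $wantpasshash = md5($secret . $_POST['coderpass'] . $secret);
    $editsecret = mksecret();
    // Every value is passed through sqlesc() before it is joined into the statement.
    $coderValues = array($username, 8, $wantpasshash, $secret, $editsecret, $usermail, 'confirmed');
    mysql_query("INSERT INTO users (username, class, passhash, secret, editsecret, email, status, added) VALUES (" . implode(",", array_map("sqlesc", $coderValues)) . ",'" . get_date_time() . "')");
    // The System account gets random values in its credential columns.
    $rndpasshash = createRandomPassword();
    $rndsecret = createRandomPassword();
    $rndeditsecret = createRandomPassword();
    $systemValues = array(2, 'System', 1, $rndpasshash, $rndsecret, $rndeditsecret, '*****@*****.**', 'confirmed');
    mysql_query("INSERT INTO users (id, username, class, passhash, secret, editsecret, email, status, added) VALUES (" . implode(",", array_map("sqlesc", $systemValues)) . ",'" . get_date_time() . "')");
}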
Beispiel #5
                            stderr($lang_usercp['std_error'], $lang_usercp['std_wrong_email_address_format'] . goback("-2"), 0);
                            die;
                        }
                        $r = sql_query("SELECT id FROM users WHERE email=" . sqlesc($email)) or sqlerr();
                        if (mysql_num_rows($r) > 0) {
                            stderr($lang_usercp['std_error'], $lang_usercp['std_email_in_use'] . goback("-2"), 0);
                            die;
                        }
                        $changedemail = 1;
                    }
                    // Regenerates the user's passkey when a reset was requested.
                    // NOTE(review): the new value is an MD5 over the username, the current time
                    // (one-second resolution) and the stored passhash; no random input is mixed in.
                    // A passkey presumably acts as a per-user credential, so a CSPRNG value such as
                    // bin2hex(random_bytes(16)) would be the safer source — confirm how it is consumed.
                    if ($resetpasskey == 1) {
                        $passkey = md5($CURUSER['username'] . date("Y-m-d H:i:s") . $CURUSER['passhash']);
                        $updateset[] = "passkey = " . sqlesc($passkey);
                    }
                    if ($changedemail == 1) {
                        $sec = mksecret();
                        $hash = md5($sec . $email . $sec);
                        $obemail = rawurlencode($email);
                        $updateset[] = "editsecret = " . sqlesc($sec);
                        $subject = "{$SITENAME}" . $lang_usercp['mail_profile_change_confirmation'];
                        $body = <<<EOD
{$lang_usercp['mail_change_email_one']}{$CURUSER["username"]}{$lang_usercp['mail_change_email_two']}({$email}){$lang_usercp['mail_change_email_three']}

{$lang_usercp['mail_change_email_four']}{$_SERVER["REMOTE_ADDR"]}{$lang_usercp['mail_change_email_five']}

{$lang_usercp['mail_change_email_six']}<b><a href="http://{$BASEURL}/confirmemail.php/{$CURUSER["id"]}/{$hash}/{$obemail}" target="_blank">{$lang_usercp['mail_here']}</a></b>{$lang_usercp['mail_change_email_six_1']}<br />
http://{$BASEURL}/confirmemail.php/{$CURUSER["id"]}/{$hash}/{$obemail}

{$lang_usercp['mail_change_email_seven']}

------{$lang_usercp['mail_change_email_eight']}
Beispiel #6
        stderr("Error", "Invalid username.");
    }
    // Creates an account from the admin form: uniqueness checks on user name and e-mail,
    // then the INSERT and a redirect to the new user's profile page.
    // From here on $username holds the sqlesc() result, so the {$username} placeholders
    // below rely on sqlesc() adding the surrounding quotes — presumably it does; verify.
    $username = sqlesc($username);
    $res = sql_query("SELECT id FROM users WHERE username={$username}");
    $arr = mysql_fetch_row($res);
    if ($arr) {
        stderr("Error", "Username already exists!");
    }
    // NOTE(review): no isset(), length or format check on password or e-mail is visible
    // in this excerpt; both are read straight from $_POST.
    $password = $_POST["password"];
    $email = sqlesc($_POST["email"]);
    $res = sql_query("SELECT id FROM users WHERE email={$email}");
    $arr = mysql_fetch_row($res);
    if ($arr) {
        stderr("Error", "The e-mail address is already in use.");
    }
    // The SELECT checks and the INSERT are separate statements; only unique indexes on
    // username/email prevent duplicates under concurrent requests — TODO confirm the schema.
    $secret = mksecret();
    // NOTE(review): salted MD5 is a fast hash and not suitable for password storage.
    $passhash = sqlesc(md5($secret . $password . $secret));
    $secret = sqlesc($secret);
    // $defcss and $defaultclass_class are concatenated without sqlesc(); they are set
    // outside this excerpt — confirm they are server-side integers.
    sql_query("INSERT INTO users (added, last_access, secret, username, passhash, status, stylesheet, class,email) VALUES(NOW(), NOW(), {$secret}, {$username}, {$passhash}, 'confirmed', " . $defcss . "," . $defaultclass_class . ",{$email})") or sqlerr(__FILE__, __LINE__);
    $res = sql_query("SELECT id FROM users WHERE username={$username}");
    $arr = mysql_fetch_row($res);
    if (!$arr) {
        stderr("Error", "Unable to create the account. The user name is possibly already taken.");
    }
    // htmlspecialchars() is an HTML encoder; for a URL query value an (int) cast or
    // rawurlencode() matches the context. $arr[0] is the id column selected above.
    header("Location: " . get_protocol_prefix() . "{$BASEURL}/userdetails.php?id=" . htmlspecialchars($arr[0]));
    die;
}
stdhead("Add user");
?>
<h1><?php 
echo $lang_adduser['head_adduser'];
Beispiel #7
    exit;
}
require_once INCL_DIR . 'user_functions.php';
require_once INCL_DIR . 'password_functions.php';
require_once CLASS_DIR . 'class_check.php';
class_check(UC_ADMINISTRATOR);
$lang = array_merge($lang, load_language('ad_adduser'));
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Column => value map for the new row; the INSERT further down joins these values
    // in this order after passing each through sqlesc().
    $insert = array('username' => '', 'email' => '', 'secret' => '', 'passhash' => '', 'status' => 'confirmed', 'added' => TIME_NOW, 'last_access' => TIME_NOW);
    // Only a minimum length of 5 bytes is enforced; no upper bound or character
    // whitelist is visible here.
    // NOTE(review): each else branch relies on stderr() ending the request; if it
    // returns, the INSERT would run with the empty default — confirm.
    if (isset($_POST['username']) && strlen($_POST['username']) >= 5) {
        $insert['username'] = $_POST['username'];
    } else {
        stderr($lang['std_err'], $lang['err_username']);
    }
    // strlen() > 6 means at least 7 bytes. The confirmation uses loose ==, which treats
    // some different numeric-looking strings as equal; === is the safer comparison.
    // The password is MD5-hashed before it is handed to make_passhash(); that helper is
    // not part of this listing, so the strength of the stored hash depends on it — verify.
    if (isset($_POST['password']) && isset($_POST['password2']) && strlen($_POST['password']) > 6 && $_POST['password'] == $_POST['password2']) {
        $insert['secret'] = mksecret();
        $insert['passhash'] = make_passhash($insert['secret'], md5($_POST['password']));
    } else {
        stderr($lang['std_err'], $lang['err_password']);
    }
    if (isset($_POST['email']) && validemail($_POST['email'])) {
        $insert['email'] = $_POST['email'];
    } else {
        stderr($lang['std_err'], $lang['err_email']);
    }
    if (sql_query(sprintf('INSERT INTO users (username, email, secret, passhash, status, added, last_access) VALUES (%s)', join(', ', array_map('sqlesc', $insert))))) {
        $user_id = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
        stderr($lang['std_success'], sprintf($lang['text_user_added'], $user_id));
    } else {
        if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 1062) {
            $res = sql_query(sprintf('SELECT id FROM users WHERE username = %s', sqlesc($insert['username']))) or sqlerr(__FILE__, __LINE__);
Beispiel #8
    $HTMLOUT .= "</table>";
    echo stdhead('Invites') . $HTMLOUT . stdfoot();
    die;
} elseif ($do == 'create_invite') {
    // Creates one invite code for the current user and decrements the invite balance
    // in the database and in both cache entries.
    // NOTE(review): this branch changes state, but no request-method or anti-CSRF check
    // is visible in this excerpt — confirm one exists upstream.
    // The balance check reads $CURUSER, while the UPDATE below decrements unconditionally;
    // two concurrent requests can both pass the check. Adding "AND invites > 0" to the
    // UPDATE and testing the affected-row count would make the decrement atomic.
    if ($CURUSER['invites'] <= 0) {
        stderr($lang['invites_error'], $lang['invites_noinvite']);
    }
    if ($CURUSER["invite_rights"] == 'no' || $CURUSER['suspended'] == 'yes') {
        stderr($lang['invites_deny'], $lang['invites_disabled']);
    }
    // Site-wide cap: no new invites once the user count reaches $INSTALLER09['invites'].
    $res = sql_query("SELECT COUNT(id) FROM users") or sqlerr(__FILE__, __LINE__);
    $arr = mysqli_fetch_row($res);
    if ($arr[0] >= $INSTALLER09['invites']) {
        stderr($lang['invites_error'], $lang['invites_limit']);
    }
    // The invite code is the MD5 of a mksecret() value; its unpredictability depends
    // entirely on mksecret(), which is not part of this listing.
    $invite = md5(mksecret());
    sql_query('INSERT INTO invite_codes (sender, invite_added, code) VALUES (' . sqlesc((int) $CURUSER['id']) . ', ' . TIME_NOW . ', ' . sqlesc($invite) . ')') or sqlerr(__FILE__, __LINE__);
    sql_query('UPDATE users SET invites = invites - 1 WHERE id = ' . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
    // Mirror the new balance into the cached copies of the user row.
    $update['invites'] = $CURUSER['invites'] - 1;
    $mc1->begin_transaction('MyUser_' . $CURUSER['id']);
    $mc1->update_row(false, array('invites' => $update['invites']));
    $mc1->commit_transaction($INSTALLER09['expires']['curuser']);
    // 15 mins
    $mc1->begin_transaction('user' . $CURUSER['id']);
    $mc1->update_row(false, array('invites' => $update['invites']));
    $mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
    // 15 mins
    // No exit/die follows the redirect in the visible part of this branch.
    header("Location: ?do=view_page");
} elseif ($do == 'send_email') {
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        $email = isset($_POST['email']) ? htmlsafechars($_POST['email']) : '';
Beispiel #9
// Final step of an invite-based signup: checks the inviter and the invite, marks the
// invite as used, then inserts the account with status 'pending'.
// $sql, $query, $invite, $invid, $email and the $want* values are set outside this excerpt.
$res = mysql_query($sql);
// The row count is compared with the string '1'; PHP converts it to a number first.
if(mysql_num_rows($res) < '1')
	bark("Ekki tókst að fletta upp á bjóðanda.");
$checkinv = mysql_fetch_array($res);
if($checkinv['enabled'] === 'no' || $checkinv['deleted'] == '1' || $checkinv['warned'] === 'yes')
	bark('Bjóðandi má ekki vera óvirkur, eyddur eða hafa viðvörun.');
// NOTE(review): $invite['email'] is read before the row-count check on $query two lines
// below; the existence check should come first.
if($invite['email'] != $email)
	bark('Þessi boðslykill er eingöngu nothæfur til að búa til aðgang fyrir netfangið '.$invite['email']);
if(mysql_num_rows($query) < 1)
	bark("Þetta er rangur boðslykill");
// NOTE(review): $invid and $email are interpolated directly, while the INSERT below passes
// the same $email through sqlesc() — this suggests they are not escaped here; verify, or
// build this statement with sqlesc() as well.
// The invite is consumed before the account INSERT is known to succeed; a duplicate
// user name would leave it marked as used.
mysql_query("UPDATE invites SET used=1 WHERE secret_hash = '$invid' AND email='$email'") or sqlerr();
hit_count();
$md5secret = md5(mksecret());
$secret = mksecret();
// NOTE(review): salted MD5 is a fast hash and not suitable for password storage.
$wantpasshash = md5($secret . $wantpassword . $secret);
$editsecret = mksecret();

$ret = mysql_query("INSERT INTO users (username, passhash, secret, editsecret, email, enabled, md5secret, invitari, status, added) VALUES (" .
	implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $email, 'yes', $md5secret, $invitari, 'pending'))) .
		",'" . get_date_time() . "')");
// Read before $ret is checked; only meaningful when the INSERT succeeded.
$id = mysql_insert_id();

if (!$ret) {
	// 1062 is MySQL's duplicate-key error.
	if (mysql_errno() == 1062) {
		bark("Notandanafn er nú þegar til!");
		}
	bark("borked");
}


//write_log("User account $id ($wantusername) was created");
Beispiel #10
// Signup step: rejects an e-mail that is already registered, resolves the time zone,
// inserts the account and prepares the confirmation mail body.
// NOTE(review): $email is interpolated into the statement here, while the INSERT below
// passes the same variable through sqlesc() — this suggests it is not escaped at this
// point; verify. The @ operators also hide any warning from the two calls.
$a = @mysql_fetch_row(@mysql_query("select count(*) from users where email='{$email}'")) or die(mysql_error());
if ($a[0] != 0) {
    stderr($lang['takesignup_user_error'], $lang['takesignup_email_used']);
}
// TIMEZONE STUFF
// The submitted offset is accepted only if it looks like a signed number with up to
// two digits before and after the decimal point.
if (isset($_POST["user_timezone"]) && preg_match('#^\\-?\\d{1,2}(?:\\.\\d{1,2})?$#', $_POST['user_timezone'])) {
    $time_offset = sqlesc($_POST['user_timezone']);
} else {
    $time_offset = isset($TBDEV['time_offset']) ? sqlesc($TBDEV['time_offset']) : '0';
}
// have a stab at getting dst parameter?
// NOTE(review): $time_offset holds the sqlesc() result at this point; if sqlesc() wraps
// the value in quotes, the multiplication sees a quoted string rather than the number.
// Computing from the raw validated value would avoid that — verify.
$dst_in_use = localtime(time() + $time_offset * 3600, true);
// TIMEZONE STUFF END
$secret = mksecret();
// NOTE(review): salted MD5 is a fast hash and not suitable for password storage.
$wantpasshash = md5($secret . $wantpassword . $secret);
// $arr is set outside this excerpt. When $arr[0] is falsy the account is created as
// 'confirmed' with class UC_SYSOP and without an edit secret — presumably the first
// account on a fresh install; confirm what $arr[0] counts.
$editsecret = !$arr[0] ? "" : mksecret();
$ret = mysql_query("INSERT INTO users (username, passhash, secret, editsecret, email, status, " . (!$arr[0] ? "class, " : "") . "added, time_offset, dst_in_use) VALUES (" . implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $email, !$arr[0] ? 'confirmed' : 'pending'))) . ", " . (!$arr[0] ? UC_SYSOP . ", " : "") . "" . time() . " , {$time_offset}, {$dst_in_use['tm_isdst']})");
if (!$ret) {
    // 1062 is MySQL's duplicate-key error.
    if (mysql_errno() == 1062) {
        stderr($lang['takesignup_user_error'], $lang['takesignup_user_exists']);
    }
    stderr($lang['takesignup_user_error'], $lang['takesignup_fatal_error']);
}
$id = mysql_insert_id();
//write_log("User account $id ($wantusername) was created");
// The confirmation token in the link is the MD5 of the edit secret, so it is only as
// unpredictable as mksecret(), which is not part of this listing.
$psecret = md5($editsecret);
$body = str_replace(array('<#SITENAME#>', '<#USEREMAIL#>', '<#IP_ADDRESS#>', '<#REG_LINK#>'), array($TBDEV['site_name'], $email, $_SERVER['REMOTE_ADDR'], "{$TBDEV['baseurl']}/confirm.php?id={$id}&secret={$psecret}"), $lang['takesignup_email_body']);
if ($arr[0]) {
    mail($email, "{$TBDEV['site_name']} {$lang['takesignup_confirm']}", $body, "{$lang['takesignup_from']} {$TBDEV['site_email']}");
} else {
    logincookie($id, $wantpasshash);
Beispiel #11
        $message = sprintf(T_("EMAIL_ADDRESS_BANNED"), $email);
    }
    // check if email addy is already in use
    if (get_row_count("users", "WHERE email='{$email}'")) {
        $message = sprintf(T_("EMAIL_ADDRESS_INUSE"), $email);
    }
    if ($message) {
        show_error_msg(T_("ERROR"), $message, 1);
    }
    // Creates a pending placeholder account for the invited address and charges one
    // invite to the current user. The user-name prefix literal appears redacted
    // ("******") in this listing.
    $secret = mksecret();
    $username = "******" . mksecret(20);
    // The five listed values go through sqlesc(); the two $site_config values are
    // interpolated unquoted — confirm they are server-side integers.
    $ret = SQL_Query_exec("INSERT INTO users (username, secret, email, status, invited_by, added, stylesheet, language) VALUES (" . implode(",", array_map("sqlesc", array($username, $secret, $email, 'pending', $CURUSER["id"]))) . ",'" . get_date_time() . "', {$site_config['default_theme']}, {$site_config['default_language']})");
    if (!$ret) {
        // If username is somehow taken, keep trying
        // NOTE(review): 1062 is raised for any unique key. If the duplicate is on another
        // column (for example email), a new user name cannot clear it and this loop has no
        // exit. A bounded retry count would avoid that.
        while (mysql_errno() == 1062) {
            $username = "******" . mksecret(20);
            $ret = SQL_Query_exec("INSERT INTO users (username, secret, email, status, invited_by, added, stylesheet, language) VALUES (" . implode(",", array_map("sqlesc", array($username, $secret, $email, 'pending', $CURUSER["id"]))) . ",'" . get_date_time() . "', {$site_config['default_theme']}, {$site_config['default_language']})");
        }
        // NOTE(review): reached even when a retry succeeded, so a created row is still
        // reported as a database error — presumably unintended; check $ret again first.
        show_error_msg(T_("ERROR"), T_("DATABASE_ERROR"), 1);
    }
    $id = mysql_insert_id();
    $invitees = "{$id} {$CURUSER['invitees']}";
    // $invitees and the id are interpolated directly; both come from $CURUSER and
    // mysql_insert_id() — confirm $CURUSER['invitees'] cannot contain a quote.
    SQL_Query_exec("UPDATE users SET invites = invites - 1, invitees='{$invitees}' WHERE id = {$CURUSER['id']}");
    // The token is the MD5 of the account secret, so it is only as unpredictable as mksecret().
    $psecret = md5($secret);
    // The sender's message has tags removed before it is placed in the mail body below.
    $mess = strip_tags($_POST["mess"]);
    $body = <<<EOD
You have been invited to {$site_config['SITENAME']} by {$CURUSER['username']}. They have specified this address ({$email}) as your email.
If you do not know this person, please ignore this email. Please do not reply.

Message:
-------------------------------------------------------------------------------
Beispiel #12
        sql_query("UPDATE users SET ip = '{$ip}', last_access = NOW() WHERE id = {$cid}");
        bark("Ваш IP забанен на этом трекере. Регистрация невозможна.");
    } else {
        bark("Регистрация невозможна!");
    }
} else {
    $b = mysql_fetch_row(sql_query("SELECT enabled, id FROM users WHERE ip = '{$ip}' ORDER BY last_access DESC LIMIT 1"));
    if ($b[0] == 'no') {
        $banned_id = $b[1];
        setcookie(COOKIE_UID, $banned_id, "0x7fffffff", "/");
        bark("Ваш IP забанен на этом трекере. Регистрация невозможна.");
    }
}
// Signup step: derives the password hash, decides the initial status and inserts the
// account. $users, $use_email_act and the profile values are set outside this excerpt.
$secret = mksecret();
// NOTE(review): salted MD5 is a fast hash and not suitable for password storage.
$wantpasshash = md5($secret . $wantpassword . $secret);
// When $users is falsy the account gets no edit secret, status 'confirmed' and class
// UC_SYSOP — presumably the first account on a fresh install; confirm what $users holds.
$editsecret = !$users ? "" : mksecret();
// Operator precedence: ! binds tighter than ==, so this reads (!$use_email_act) == true.
if (!$users || !$use_email_act == true) {
    $status = 'confirmed';
} else {
    $status = 'pending';
}
// This is ugly, but it is what we have...
// To-Do rewrite
// NOTE(review): the first fifteen values go through sqlesc(), but $birthday, $inviter,
// $invitedroot and the select_theme() result are placed between quotes without it —
// confirm they are validated or cast before this point, or escape them the same way.
$ret = sql_query("INSERT INTO users (username, passhash, secret, editsecret, gender, country, icq, msn, aim, yahoo, skype, mirc, website, email, status, " . (!$users ? "class, " : "") . "added, birthday, invitedby, invitedroot, theme) VALUES (" . implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $gender, $country, $icq, $msn, $aim, $yahoo, $skype, $mirc, $website, $email, $status))) . ", " . (!$users ? UC_SYSOP . ", " : "") . "'" . get_date_time() . "', '{$birthday}', '{$inviter}', '{$invitedroot}', '" . select_theme() . "')");
// or sqlerr(__FILE__, __LINE__);
if (!$ret) {
    // 1062 is MySQL's duplicate-key error.
    if (mysql_errno() == 1062) {
        bark("Пользователь {$wantusername} уже зарегистрирован!");
    }
    // NOTE(review): the raw database error text is shown to the visitor (HTML-escaped);
    // it can reveal schema details and is better written to a server-side log.
    bark("Неизвестная ошибка. Ответ от сервера mySQL: " . htmlspecialchars_uni(mysql_error()));
}
/**
 * Builds a login key: the MD5 hex digest of a secret produced by mksecret().
 *
 * The key is only as unpredictable as mksecret(), which is not part of this listing.
 *
 * @param int $len length argument handed to mksecret(); defaults to 60
 * @return string 32-character hexadecimal digest
 */
function make_passhash_login_key($len = 60)
{
    return md5(mksecret($len));
}