Beispiel #1
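/**
 * Insert a new account row from the submitted "new_*" form fields.
 *
 * Reads new_email, new_pass, new_passwd, new_port and new_transfer from
 * $_POST, passes each one through security_filter() and inserts the values
 * with a parameterized query. new_transfer is cast to int and multiplied by
 * 1024 * 1024 before it is stored (presumably a MiB-to-bytes conversion;
 * confirm against the form).
 *
 * NOTE(review): nothing in this function checks who is calling it; the caller
 * has to make sure only an administrator can reach it.
 * NOTE(review): pass and passwd are stored as received after
 * security_filter(). Unless that helper hashes them, the table holds
 * plaintext-equivalent credentials. Moving to password_hash() /
 * password_verify() needs a coordinated change in every place that compares
 * these columns, so it is flagged here rather than changed.
 */
function new_row()
{
    $field_names = array('new_email', 'new_pass', 'new_passwd', 'new_port', 'new_transfer');
    $values = array();
    foreach ($field_names as $field_name) {
        // A missing field becomes null, exactly as with the former `@`
        // prefix, but without the error-suppression operator.
        $raw = isset($_POST[$field_name]) ? $_POST[$field_name] : null;
        $values[$field_name] = security_filter($raw);
    }
    $values['new_transfer'] = (int) $values['new_transfer'] * 1024 * 1024;
    // Bound parameters keep the submitted values out of the SQL text.
    $GLOBALS['DB']->query("INSERT INTO user (email,pass,passwd,port,transfer_enable) VALUES (?,?,?,?,?)", array_values($values));
}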
Beispiel #2
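/**
 * Activate an account by matching the submitted e-mail and token against the
 * user table, then store the submitted password for it.
 *
 * Echoes "email overlap" and stops when email_overlap() reports the address,
 * "token auth success" when a row matches, and "token auth fail" otherwise.
 *
 * NOTE(review): the password is written as received after security_filter();
 * unless that helper hashes it, this is plaintext-equivalent storage.
 * NOTE(review): the UPDATE leaves the token column unchanged, so the same
 * token keeps matching afterwards. Whether email_overlap() prevents a second
 * use is not visible here; clearing or rotating the token on success would
 * make it single-use.
 */
function sign_up()
{
    $email = validate_email(isset($_POST['email']) ? $_POST['email'] : null);
    $pass = security_filter(isset($_POST['password']) ? $_POST['password'] : null);
    $token = security_filter(isset($_POST['token']) ? $_POST['token'] : null);
    if (email_overlap($email)) {
        echo "email overlap";
        die;
    }
    // A missing or empty token must never authenticate. Without this guard an
    // empty value would match any row whose token column is an empty string
    // (the schema is not visible here, so treat that as possible).
    if (in_array($token, array(null, false, ''), true)) {
        echo "token auth fail";
        return;
    }
    $matches = $GLOBALS['DB']->query("SELECT * FROM user WHERE email=? and token=?", array($email, $token));
    if (count($matches) > 0) {
        echo "token auth success";
        // The WHERE clause repeats the e-mail/token pair so the write only
        // touches the row that was just verified.
        $GLOBALS['DB']->query("UPDATE user SET activated='1', enable='1', pass=?, passwd='0000000' WHERE email=? and token=?", array($pass, $email, $token));
    } else {
        echo "token auth fail";
    }
}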
<?php

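session_start();
// Password changes are only served to a session that carries a logged-in
// e-mail; any other request is redirected before the config is loaded.
$user = isset($_SESSION['myemail']) ? $_SESSION['myemail'] : null;
if ($user == NULL) {
    header("location: ./../index.php");
    die;
}
require './../config.php';
require './../src/security.php';
// which: "login" changes the pass column, "ss" changes the passwd column.
$which = security_filter(isset($_POST['which']) ? $_POST['which'] : null);
$old = security_filter(isset($_POST['old']) ? $_POST['old'] : null);
$new = security_filter(isset($_POST['new']) ? $_POST['new'] : null);
// Refuse to store a missing or empty replacement; the original wrote whatever
// security_filter() returned for an absent field.
$new_is_empty = in_array($new, array(null, false, ''), true);
// NOTE(review): both columns are compared and written as received after
// security_filter(). Unless that helper hashes the value, the table holds
// plaintext-equivalent credentials; password_hash()/password_verify() would
// have to be introduced together with the login and sign-up code.
if ($which == "login") {
    if ($new_is_empty) {
        echo "new login password is empty";
    } else {
        // The current password must match before the new one is accepted.
        $rows = $DB->query("SELECT * FROM user WHERE email=? and pass=? and activated='1' ", array($user, $old));
        if (count($rows) == 1) {
            $DB->query("UPDATE user SET pass=? WHERE email=?", array($new, $user));
            echo "success";
        } else {
            echo "old login password is wrong";
        }
    }
}
if ($which == "ss") {
    if ($new_is_empty) {
        echo "new ss password is empty";
    } else {
        $rows = $DB->query("SELECT * FROM user WHERE email=? and passwd=? and activated='1' ", array($user, $old));
        if (count($rows) == 1) {
            $DB->query("UPDATE user SET passwd=? WHERE email=?", array($new, $user));
            echo "success";
        } else {
            echo "old ss password is wrong";
        }
    }
}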
# -------------------------------------------------------------------
# NOTE(review): include executes whatever file this path names. Where
# $open_template is set is not visible in this excerpt; confirm it is a fixed
# server-side value and never derived from request data.
if (!empty($open_template)) {
    include $open_template;
}
# Form submission: walk every posted field and keep only the ones the form
# definition ($hidden / $question) knows about.
if (isset($_POST['button'])) {
    foreach ($_POST as $key => $value) {
        if ($key != 'button') {
            # Fields named hidden_<name> are checked against $hidden, all
            # other fields against $question.
            if (preg_match('/^hidden_(.*)/i', $key)) {
                $value = security_filter($value);
                # strstr() returns the key from its first "_" onward; trim()
                # then strips underscores from both ends.
                $key = trim(strstr($key, '_'), '_');
                # Allow-list: unknown hidden fields are silently dropped.
                if (isset($hidden[$key])) {
                    $hidden_data[$key] = $value;
                }
            } else {
                # Allow-list: answers for keys not defined in $question are ignored.
                if (isset($question[$key])) {
                    $value = security_filter($value);
                    # A submitted checkbox is recorded as "YES" regardless of
                    # the value the client sent.
                    if ($question[$key]['type'] == 'checkbox') {
                        $value = "YES";
                    }
                    $results[$key] = $value;
                }
            }
        }
    }
    # Now that the responses are processed, prepare the email.
    # NOTE(review): HTTP_REFERER and HTTP_USER_AGENT are request headers
    # chosen by the client and are appended below without security_filter();
    # treat them as untrusted wherever $msg is later sent or displayed. These
    # $_SERVER keys (and REMOTE_HOST) can also be absent, which raises an
    # undefined-index notice here.
    $msg = "----------------- User Info -----------------\n\n";
    $msg .= "Sent from: " . $_SERVER['REMOTE_HOST'] . " [" . $_SERVER['REMOTE_ADDR'] . "] \n";
    $msg .= "Coming from (referer): " . $_SERVER['HTTP_REFERER'] . "\n";
    $msg .= "Using (user agent): " . $_SERVER['HTTP_USER_AGENT'] . "\n\n";
    $msg .= "---------------------------------------------\n\n";
    if (isset($question)) {
Beispiel #5
<?php

require "config.php";
require "./src/security.php";
/**
 * Send a response string to the client, close the shared database
 * connection held in $GLOBALS['DB'], and terminate the script.
 *
 * @param mixed $str Text to output before exiting.
 */
function echoandexit($str)
{
    print $str;
    // Release the connection explicitly, since nothing runs after exit.
    $connection = $GLOBALS['DB'];
    $connection->CloseConnection();
    exit;
}
// Login handler: runs only when both fields are non-empty. empty() also
// treats the string "0" as empty, so such a value never reaches the checks.
// NOTE(review): no attempt limiting or lockout is visible in this fragment.
if (!empty($_POST["username"]) and !empty($_POST["password"])) {
    $email = security_filter($_POST["username"]);
    $password = security_filter($_POST["password"]);
    //$password=MD5($password.'ssmanager');
    // The literal username "admin" selects the manager login, which is
    // checked against $GLOBALS['manager_password'] instead of the user table.
    if ($email == "admin") {
        // NOTE(review): loose `==` on a secret. Two numeric-looking strings
        // are compared by numeric value under `==`, and the comparison is not
        // constant-time; hash_equals() on two strings avoids both problems.
        if ($password == $GLOBALS['manager_password']) {
            // NOTE(review): the session id is not regenerated after a
            // successful login (no session_regenerate_id() call here), so an
            // id fixed before authentication stays valid afterwards.
            session_start();
            $_SESSION['myemail'] = "admin";
            echoandexit("success_admin");
        } else {
            echoandexit("admin auth failed!");
        }
    } else {
        // NOTE(review): the password is matched inside the SQL query exactly
        // as received after security_filter(); unless that helper hashes it,
        // the pass column holds plaintext-equivalent credentials.
        $count = count($DB->query("SELECT * FROM user WHERE email=? and pass=? and activated='1' ", array($email, $password)));
        if ($count == 1) {
            session_start();
            $_SESSION['myemail'] = $email;
            // NOTE(review): this keeps the credential itself in session
            // storage; the e-mail alone identifies the logged-in user.
            $_SESSION['mypassword'] = $password;
            echoandexit("success_user");
        } else {
            echoandexit("user auth failed!");
Beispiel #6
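// $user is expected to have been read from the session earlier in this script
// (that part is not visible in this excerpt); anonymous requests are redirected.
if ($user == NULL) {
    header("location: ./../index.php");
    die;
}
require './../config.php';
require './../src/security.php';
// CAPTCHA image endpoint: generate a code, remember it in the session and
// stream the image.
if (isset($_GET['action']) && $_GET['action'] === 'get_vcode') {
    require './../src/vcode.php';
    $vcode = new Vcode(300, 40, 4);
    $_SESSION['code'] = $vcode->getcode();
    $vcode->outimg();
    die;
}
// Gift-code redemption: needs a non-empty gift code and CAPTCHA answer.
if (!empty($_POST["giftcode"]) and !empty($_POST["vcode"])) {
    $giftcode = security_filter($_POST['giftcode']);
    $vcode = security_filter($_POST['vcode']);
    // Each CAPTCHA code is valid for one attempt only. The stored code is
    // removed before the comparison, so a solved (or missing) code cannot be
    // replayed for further gift-code guesses. This assumes the page reload
    // below requests a fresh image through the get_vcode action.
    $stored_code = isset($_SESSION['code']) ? $_SESSION['code'] : '';
    unset($_SESSION['code']);
    $expected_code = is_scalar($stored_code) ? strtolower((string) $stored_code) : '';
    // Strict string comparison: `!=` would compare two numeric-looking
    // strings by numeric value.
    if ($expected_code === '' || strtolower((string) $vcode) !== $expected_code) {
        echo '<script>alert("CAPTCHA is wrong!");window.location.href="";</script>';
        die;
    }
    // NOTE(review): the lookup, the DELETE and the credit are three separate
    // statements. Two simultaneous requests with the same code can both pass
    // the lookup before either delete lands. Crediting only when the DELETE
    // reports an affected row (or wrapping the steps in a transaction) would
    // close that window; the $DB wrapper's return value for DELETE is not
    // visible here, so this is flagged rather than changed.
    $matches = $DB->query("SELECT * FROM gift WHERE code=? ", array($giftcode));
    if (count($matches) > 0) {
        $DB->query("DELETE FROM gift WHERE code=? ", array($giftcode));
        $DB->query("UPDATE user SET transfer_enable = transfer_enable + 1000*1024*1024 WHERE email=? ", array($user));
        echo '<script>window.location.href="./index.php";</script>';
        die;
    } else {
        echo '<script>alert("Gift code is wrong!");window.location.href="";</script>';
        die;
    }
}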