if (!$member->hasAccess($consoleObj)) {
exit;
}
foreach ($_POST as $key => $value) {
$_POST[$key] = utf8_decode($_POST[$key]);
}
if ($member->authorizeLogin($_SESSION['btPassword'])) {
$memberInfo = $member->get_info();
// Check Security Code
if ($_POST['checkadmin'] != constant('ADMIN_KEY')) {
$result = $mysqli->query("SELECT * FROM " . $dbprefix . "failban WHERE ipaddress = '" . $IP_ADDRESS . "' AND pagename = 'edittheme'");
$countFails = $result->num_rows;
$adminKeyFails = $intMaxAttempts - $countFails;
$failbanObj->addNew(array("ipaddress", "pagename"), array($IP_ADDRESS, "edittheme"));
if ($adminKeyFails <= 0) {
$ipbanObj->set_tableKey("ipban_id");
$ipbanObj->addNew(array("ipaddress"), array($IP_ADDRESS));
$banMessage = "You have been permanently banned! If you are the true website admin, you will be able to unban yourself. If not... GTFO!";
echo "\n\t\t\t<div id='acoBan' style='display: none'><p align='center'>" . $banMessage . "</p></div>\n\t\t\t<script type='text/javascript'>\n\t\t\t\$(document).ready(function() {\n\t\t\n\t\t\t\$('#acoBan').dialog({\n\t\t\ttitle: 'Banned!',\n\t\t\tmodal: true,\n\t\t\tresizable: false,\n\t\t\twidth: 400,\n\t\t\tzIndex: 9999,\n\t\t\tbuttons: {\n\t\t\t'OK': function() {\n\t\t\t\$(this).dialog('close');\n\t\t}\n\t\t},\n\t\tbeforeClose: function() {\n\t\twindow.location = '" . $MAIN_ROOT . "banned.php';\n\t\t}\n\t\t\n\t\t});\n\t\t\$('.ui-dialog :button').blur();\n\t\t});\n\t\t</script>\n\t\t\n\t\t";
$scrollTop = false;
}
$countErrors++;
$dispError .= " <b>·</b> You entered an invalid admin key. Please check the config file for the correct admin key. You have " . $adminKeyFails . " more trys before being IP Banned. " . $IP_ADDRESS . "<br>";
}
// Update Header
if (!is_writable("../../../themes/" . $THEME . "/_header.php")) {
$countErrors++;
$dispError .= " <b>·</b> Unable to save header information.<br>";
} else {
$headerCode = $_POST['headerCode'];
$headerCode = str_replace("<", "<", $headerCode);
}
if ($countErrors == 0) {
$arrayCol = array('username', 'email', 'changekey', 'timeofrq');
$arrayVal = array($username, $email, $changekey, $time);
$forgotPassObj->addNew($arrayCol, $arrayVal);
$subject = 'Your Forgotten Password Request - ' . $CLAN_NAME;
$message = "\n<html>\n<body>\nHello,<br>\nYou've requested a change in your password on the clan website.<br>\n<br>\nPlease click the following link to continue and follow the instructions on the page it opens:<br>\n--------------------------------------------<br>\n<a href='{$url}?stage=validate&changekey={$changekey}'>{$url}?stage=validate&changekey={$changekey}</a><br>\n<br>\nThanks!\n";
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: ' . $CLAN_NAME . ' <no-reply@' . $siteDomain . '>' . "\r\n";
mail($email, $subject, $message, $headers);
echo "\n<div class='formDiv'>\nYour request has been successfully submitted. Please check your email for the link and further instructions.\n</div>\n";
}
} elseif ($stage == "validate" && $countErrors == 0) {
$changekey = $mysqli->real_escape_string($_GET['changekey']);
$forgotPassObj->set_tableKey("changekey");
if ($forgotPassObj->select($changekey, false)) {
$dataArr = $forgotPassObj->get_info();
$rqid = $dataArr['rqid'];
$username = $dataArr['username'];
$email = $dataArr['email'];
$timeofrq = $dataArr['timeofrq'];
$timeofrqcon = date('l jS \\of F Y h:i:s A', $timeofrq);
echo "\n<form action='forgotpassword.php?stage=set' method='post'>\n<input type='hidden' name='changekey' value='{$changekey}' />\n<div class='formDiv'>\n<strong>Validated!</strong><br>Please type in your new password.<br><br>\n<strong>Data:</strong><br>\nRequest ID: {$rqid}<br>\nUsername: {$username}<br>\nEmail: {$email}<br>\nTime of Request: {$timeofrqcon} Server Time<br>\n<table class='formTable'>\n<tr>\n<td class='formLabel'>New Password:</td>\n<td class='main'><input type='password' class='textBox' name='newpass' id='newpassword'></td>\n</tr>\n<tr>\n<td class='formLabel'>Confirm New Password:</td>\n<td class='main'><input type='password' class='textBox' name='connewpass' id='newpassword1'><span id='checkPassword' style='padding-left: 5px'></span></td>\n</tr>\n<tr>\n<td class='main' colspan='2' align='center'><input type='submit' class='submitButton' style='width: 125px' value='Submit Change'></td>\n</tr>\n</table>\n</div>\n</form>\n\n<script type='text/javascript'>\n \n \$(document).ready(function() {\n \n \$('#newpassword1').keyup(function() {\n \n if(\$('#newpassword').val() != '') {\n \n if(\$('#newpassword1').val() == \$('#newpassword').val()) {\n \$('#checkPassword').toggleClass('successFont', true);\n \$('#checkPassword').toggleClass('failedFont', false);\n \$('#checkPassword').html('Passwords Match! OK!');\n }\n else {\n \$('#checkPassword').toggleClass('successFont', false);\n \$('#checkPassword').toggleClass('failedFont', true);\n \$('#checkPassword').html('Passwords Do Not Match!');\n }\n \n }\n else {\n \$('#checkPassword').html('');\n }\n \n });\n \n });\n \n </script>\n";
} else {
$countErrors++;
$dispError .= " <b>·</b> Not a Valid Changekey.<br>";
}
} elseif ($stage == "set" && isset($_POST['newpass']) && isset($_POST['changekey']) && $countErrors == 0) {
$newpass = $_POST['newpass'];
$newpasscon = $_POST['connewpass'];
