case 1: if ($config['language_dir_default'] != $config['language_dir']) { $activation_url .= "&l=" . $config['language_dir']; } $user_details_url = ""; $email_to = $user_email; $email_subject = $lang['update_email_emailsubject']; $email_template = "newemail_activation"; $new_email_msg = $lang['update_email_instruction']; break; case 0: default: break; } if (!empty($email_to)) { $site_email->set_to($email_to); $site_email->set_subject($email_subject); $site_email->register_vars(array("user_details_url" => $user_details_url, "activation_url" => $activation_url, "user_name" => $user_info['user_name'], "site_name" => $config['site_name'])); $site_email->set_body($email_template, $config['language_dir']); $site_email->send_email(); } } else { $msg = $lang['general_error']; $error = 1; } } if (!$error) { $additional_sql = ""; if (!empty($additional_user_fields)) { $table_fields = $site_db->get_table_fields(USERS_TABLE); foreach ($additional_user_fields as $key => $val) {
show_error_page($lang['no_permission']);
exit;
}
// Account activation by key (fragment: the enclosing block and the permission check above start outside this view).
$activationkey = trim($HTTP_GET_VARS['activationkey']);
// NOTE(review): $activationkey comes straight from the query string and is interpolated into SQL
// without escaping or binding — SQL-injection risk; the DB layer's escaping/binding should be applied
// before use. The UPDATE below reuses the same unescaped value.
$sql = "SELECT " . get_user_table_field("", "user_name") . get_user_table_field(", ", "user_email") . get_user_table_field(", ", "user_activationkey") . "\n FROM " . USERS_TABLE . "\n WHERE " . get_user_table_field("", "user_activationkey") . " = '{$activationkey}'";
$row = $site_db->query_firstrow($sql);
if (!$row) {
    $msg = $lang['invalid_activationkey'];
} else {
    // Promote the account to level USER, matching on the same key as the SELECT.
    // NOTE(review): an empty key (parameter missing) yields WHERE ... = '' — confirm the column can
    // never be empty, or reject empty input before this point.
    $sql = "UPDATE " . USERS_TABLE . "\n SET " . get_user_table_field("", "user_level") . " = " . USER . "\n WHERE " . get_user_table_field("", "user_activationkey") . " = '{$activationkey}'";
    $site_db->query($sql);
    $msg = $lang['activation_success'];
    // When account_activation is 2 (meaning not visible here), the user is notified by mail.
    if ($config['account_activation'] == 2) {
        include ROOT_PATH . 'includes/email.php';
        $site_email = new Email();
        $site_email->set_to($row[$user_table_fields['user_email']]);
        $site_email->set_subject($lang['activation_success_emailsubject']);
        $site_email->register_vars(array("user_name" => $row[$user_table_fields['user_name']], "site_name" => $config['site_name']));
        $site_email->set_body("activation_success", $config['language_dir']);
        $site_email->send_email();
    }
}
}
}
//-----------------------------------------------------
//--- Clickstream -------------------------------------
//-----------------------------------------------------
$clickstream = "<span class=\"clickstream\"><a href=\"" . $site_sess->url(ROOT_PATH . "index.php") . "\" class=\"clickstream\">" . $lang['home'] . "</a>" . $config['category_separator'] . $lang['register'] . "</span>";
//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
// Mass-mailing form handler (fragment: the enclosing request-handling block starts outside this view).
$subject = stripslashes(trim($HTTP_POST_VARS['subject']));
$message = stripslashes(trim($HTTP_POST_VARS['message']));
if ($subject == "") {
    $error['subject'] = 1;
}
if ($message == "") {
    $error['message'] = 1;
}
if (!isset($HTTP_POST_VARS['emails']) || empty($HTTP_POST_VARS['emails'])) {
    $error['emails'] = 1;
}
if (empty($error)) {
    // Sending can take long; the @ suppresses any warning from set_time_limit().
    @set_time_limit(1200);
    include ROOT_PATH . 'includes/email.php';
    $site_email = new Email();
    $site_email->set_to($config['site_email']);
    // NOTE(review): $subject is posted by the client and handed to the mailer unchecked; whether Email
    // strips CR/LF (mail header injection) is not visible here — confirm in includes/email.php.
    $site_email->set_subject($subject);
    $site_email->register_vars(array("message" => $message, "site_email" => $config['site_email'], "site_name" => $config['site_name']));
    $site_email->set_body("admin_email", $config['language_dir']);
    // NOTE(review): the BCC recipient list is taken verbatim from POST; the access control gating this
    // handler is outside this view — confirm it is restricted to administrators.
    $emails = $HTTP_POST_VARS['emails'];
    $site_email->set_bcc($emails);
    echo $site_email->send_email() ? $lang['send_emails_success'] : $lang['send_emails_error'];
    echo "<p>";
    show_text_link($lang['back'], "javascript:history.back(1)");
} else {
    $msg = sprintf("<span class=\"marktext\">%s</span>", $lang['lostfield_error']);
    $action = "emailusers";
}
}
if ($action == "emailusers") {
    if ($msg != "") {
// "edituser" save handler (fragment: field validation and variable setup precede this view).
// user_lastaction is stored either via UNIX_TIMESTAMP() of the posted value or as the current time.
$user_lastaction = $user_lastaction != "" ? "UNIX_TIMESTAMP('{$user_lastaction}')" : time();
$additional_sql = "";
if (!empty($additional_user_fields)) {
    $table_fields = $site_db->get_table_fields(USERS_TABLE);
    foreach ($additional_user_fields as $key => $val) {
        // Only posted fields that exist as columns of the users table are accepted.
        if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
            // NOTE(review): un_htmlspecialchars() undoes HTML escaping; it is not SQL escaping, so a
            // quote in the posted value lands unescaped in the UPDATE below — SQL-injection risk.
            $additional_sql .= ", {$key} = '" . un_htmlspecialchars(trim($HTTP_POST_VARS[$key])) . "'";
        }
    }
}
// NOTE(review): $user_name, $user_email, $user_homepage, $user_icq and $user_lastaction are
// interpolated as SQL string literals; where (or whether) they are escaped is outside this view.
$sql = "UPDATE " . USERS_TABLE . "\n SET " . get_user_table_field("", "user_level") . " = {$user_level}, " . get_user_table_field("", "user_name") . " = '{$user_name}',{$passinsert} " . get_user_table_field("", "user_email") . " = '{$user_email}', " . get_user_table_field("", "user_showemail") . " = {$user_showemail}, " . get_user_table_field("", "user_allowemails") . " = {$user_allowemails}, " . get_user_table_field("", "user_invisible") . " = {$user_invisible}, " . get_user_table_field("", "user_joindate") . " = {$user_joindate}, " . get_user_table_field("", "user_lastaction") . " = {$user_lastaction}, " . get_user_table_field("", "user_homepage") . " = '{$user_homepage}', " . get_user_table_field("", "user_icq") . " = '{$user_icq}'" . $additional_sql . "\n WHERE " . get_user_table_field("", "user_id") . " = {$user_id}";
$result = $site_db->query($sql);
// The "account activated" mail goes out only when the update succeeded, activation mode is 2,
// the activation flag is set and the new level is not USER_AWAITING.
if ($result && $config['account_activation'] == 2 && $activation && $user_level != USER_AWAITING) {
    include ROOT_PATH . 'includes/email.php';
    $site_email = new Email();
    $site_email->set_to($user_email);
    $site_email->set_subject($lang['activation_success_emailsubject']);
    $site_email->register_vars(array("user_name" => $user_name, "site_name" => $config['site_name']));
    $site_email->set_body("activation_success", $config['language_dir']);
    $site_email->send_email();
}
$msg = $result ? $lang['user_edit_success'] : $lang['user_edit_error'];
} else {
    $msg .= sprintf("<span class=\"marktext\">%s</span>", $lang['lostfield_error']);
}
$action = "edituser";
}
if ($action == "edituser") {
    if ($msg != "") {
        printf("<b>%s</b>\n", $msg);
    }
// Postcard send handler (fragment: the enclosing action block and the field validation start outside this view).
$captcha = isset($HTTP_POST_VARS['captcha']) ? un_htmlspecialchars(trim($HTTP_POST_VARS['captcha'])) : "";
// NOTE(review): back_url is posted by the client and later emitted as a raw href below — open-redirect /
// markup-injection risk unless it is validated elsewhere; un_htmlspecialchars() removes escaping, it does not add it.
$back_url = !empty($HTTP_POST_VARS['back_url']) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['back_url']))) : $site_sess->url(ROOT_PATH . "index.php", "&");
$postcard_id = get_random_key(POSTCARDS_TABLE, "postcard_id");
$current_time = time();
if ($captcha_enable_postcards && !captcha_validate($captcha)) {
    $msg .= ($msg != "" ? "<br />" : "") . $lang['captcha_required'];
    $action = "previewcard";
    $main_template = "postcard_preview";
} else {
    // NOTE(review): the postcard fields are interpolated into the INSERT as string literals; their
    // escaping (if any) happens before this view — confirm the sanitising step upstream.
    $sql = "INSERT INTO " . POSTCARDS_TABLE . "\n (postcard_id, image_id, postcard_date, postcard_bg_color, postcard_border_color, postcard_font_color, postcard_font_face, postcard_sender_name, postcard_sender_email, postcard_recipient_name, postcard_recipient_email, postcard_headline, postcard_message)\n VALUES\n ('{$postcard_id}', {$image_id}, {$current_time}, '{$bg_color}', '{$border_color}', '{$font_color}', '{$font_face}', '{$sender_name}', '{$sender_email}', '{$recipient_name}', '{$recipient_email}', '{$headline}', '{$message}')";
    $result = $site_db->query($sql);
    if ($result) {
        $postcard_url = $script_url . "/postcards.php?" . URL_POSTCARD_ID . "=" . $postcard_id;
        include ROOT_PATH . 'includes/email.php';
        $site_email = new Email();
        // stripslashes() presumably undoes slash-escaping applied for the INSERT — TODO confirm upstream.
        $site_email->set_to(stripslashes($recipient_email));
        // NOTE(review): sender address and name come from the form; if Email does not strip CR/LF,
        // a crafted sender can inject mail headers — confirm in includes/email.php.
        $site_email->set_from(stripslashes($sender_email), stripslashes($sender_name));
        $site_email->set_subject($lang['send_postcard_emailsubject']);
        $site_email->register_vars(array("sender_name" => stripslashes($sender_name), "sender_email" => stripslashes($sender_email), "recipient_name" => stripslashes($recipient_name), "postcard_url" => stripslashes($postcard_url), "postcard_send_date" => format_date($config['date_format'] . " " . $config['time_format'], $current_time), "site_name" => $config['site_name']));
        $site_email->set_body("postcard_message", $config['language_dir']);
        $site_email->send_email();
        $msg .= $lang['send_postcard_success'];
        $msg .= "<br /><a href=\"" . $back_url . "\">" . $lang['back_to_gallery'] . "</a>";
        $action = "showcard";
    } else {
        $msg = $lang['general_error'];
        $action = "previewcard";
        $main_template = "postcard_preview";
    }
}
}
/**
 * Resets the password of the account whose e-mail address was posted as
 * "LoginUsername", stores the new password and mails it to that address.
 *
 * Every outcome, including success, is reported by throwing an Exception;
 * the exception code tells the cases apart:
 *   303 no address posted, or an empty one
 *   304 address not found in tr_users
 *   305 a new password was sent (success)
 *   306 the mail could not be sent
 *   307 the UPDATE did not affect exactly one row
 *
 * NOTE(review): $username is interpolated into both queries without escaping
 * or binding — SQL-injection risk; the DB layer's escaping/binding should be
 * used instead. The link in the mail is built from $_SERVER["HTTP_HOST"], so
 * it follows whatever Host header the request carried. The generated password
 * is mailed in clear text and hashed with md5 (password_hash() is the modern
 * choice), and the distinct 304/305 outcomes reveal whether an address is
 * registered. The UPDATE writes a fixed literal while $passmd5 is unused —
 * this looks like a redaction of the hash; confirm against the original.
 *
 * @return string new generated password (as documented upstream; in practice
 *                the method always throws, see the codes above)
 *
 * @access public
 *
 * @author patrick.kracht, thorsten.moll
 */
public function passwd()
{
    // Guard: the posted address must be present and non-empty.
    $username = isset($_POST["LoginUsername"]) ? trim($_POST["LoginUsername"]) : "";
    if (empty($username)) {
        throw new Exception("Sie haben keine Emailadresse angegeben!", 303);
    }

    $db = $_SESSION[$_SESSION["_SqlType"]];

    // Look the address up; a row with "mid" is required to continue.
    $sql = "SELECT mid, firstname, lastname FROM tr_users WHERE email = '{$username}';";
    $user = $db->query_first($sql);
    if (!isset($user["mid"])) {
        throw new Exception("Die Emailadresse '{$username}' ist mir unbekannt!", 304);
    }

    $newPassword = $this->generate_password();
    $passmd5 = md5($newPassword); // computed but not referenced by the UPDATE below
    $sql = "UPDATE tr_users SET password = '******' WHERE email = '{$username}';";
    $db->query($sql);
    $affected = $db->affected_rows();

    // Exactly one row must have changed, otherwise report a database problem.
    if ($affected != 1) {
        throw new Exception("Es gab Probleme mit der Datenbank! Wir arbeiten daran...", 307);
    }

    // Mail the new password using the passwd template.
    $template = "passwd.email.html";
    $mail = new Email(array($template, "Sie haben Ihr Passwort vergessen?"));
    $mail->set_sender("*****@*****.**", "Webmaster");
    $mail->set_to($username, $user["firstname"] . " " . $user["lastname"]);
    $baseUrl = "http://" . $_SERVER["HTTP_HOST"] . dirname($_SERVER["SCRIPT_NAME"]) . "/";
    $mail->assign($template, "{{URL}}", $baseUrl);
    $mail->assign($template, "{{USER}}", $username);
    $mail->assign($template, "{{PASS}}", $newPassword);

    if (!$mail->send()) {
        throw new Exception("Die Email konnte nicht gesendet werden! Wir arbeiten daran...", 306);
    }
    throw new Exception("Es wurde ein neues Passwort an '{$username}' geschickt!", 305);
}