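// Staff tool that assigns a fresh random password to a member account.
// class_check() gates the page with the class get_access() returns for this script name.
require_once CLASS_DIR . 'class_check.php';
$class = get_access(basename($_SERVER['REQUEST_URI']));
class_check($class);
$lang = array_merge($lang, load_language('ad_reset'));
//== Reset Lost Password
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // NOTE(review): the name is HTML-escaped here, before the SQL comparison, and escaped
    // again when it is printed below; names containing & < > " would neither match nor
    // render correctly. Left as is because stored name handling is outside this view.
    $username = trim(htmlsafechars($_POST['username']));
    $uid = (int) $_POST["uid"];
    $secret = mksecret();

    // The generated string is a live credential, so it is drawn from the CSPRNG when the
    // runtime has one. mt_rand() is predictable and remains only as a fallback for
    // interpreters without random_int().
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $last = strlen($chars) - 1;
    $pick = function_exists('random_int') ? 'random_int' : 'mt_rand';
    $newpassword = "";
    for ($i = 0; $i < 10; $i++) {
        $newpassword .= $chars[$pick(0, $last)];
    }

    // make_passhash() and the md5 pre-hash fix the stored credential format; the login
    // path (not shown here) has to agree with it, so both are kept unchanged.
    // NOTE(review): md5 is a fast hash - plan a migration to password_hash()/password_verify().
    $passhash = make_passhash($secret, md5($newpassword));

    // Validate before writing anything.
    // NOTE(review): the key is generated and checked inside the same request from the same
    // inputs, so this check presumably always passes and gives no CSRF protection. It should
    // compare a token submitted with the form; the form is outside this view.
    $postkey = PostKey(array($uid, $CURUSER['id']));
    if (CheckPostKey(array($uid, $CURUSER['id']), $postkey) == false) {
        stderr($lang['reset_stderr2'], $lang['reset_stderr3']);
    }

    // "class < own class" restricts the reset to accounts ranked below the acting staff member.
    // NOTE(review): the page masks the username operand as '******'; sqlesc($username) is the
    // presumed original - confirm against the repository.
    $res = sql_query('UPDATE users SET secret=' . sqlesc($secret) . ', passhash=' . sqlesc($passhash) . ' WHERE username=' . sqlesc($username) . ' AND id=' . sqlesc($uid) . ' AND class<' . (int) $CURUSER['class']) or sqlerr(__FILE__, __LINE__);

    // The row count is checked before the cache is touched. Previously both cache rows were
    // overwritten first, so a request the WHERE clause refused (wrong name, or a target of
    // equal or higher class) still replaced that account's cached secret and passhash.
    // stderr() is assumed to end the request.
    if (mysqli_affected_rows($GLOBALS["___mysqli_ston"]) != 1) {
        stderr($lang['reset_stderr'], $lang['reset_stderr1']);
    }

    // Mirror the new credentials into both cached copies of the user row.
    $mc1->begin_transaction('MyUser_' . $uid);
    $mc1->update_row(false, array('secret' => $secret, 'passhash' => $passhash));
    $mc1->commit_transaction($INSTALLER09['expires']['curuser']);
    $mc1->begin_transaction('user' . $uid);
    $mc1->update_row(false, array('secret' => $secret, 'passhash' => $passhash));
    $mc1->commit_transaction($INSTALLER09['expires']['user_cache']);

    // Audit trail: which account was reset and by whom. The password itself is not logged.
    write_log($lang['reset_pwreset'], $lang['reset_pw_log1'] . htmlsafechars($username) . $lang['reset_pw_log2'] . htmlsafechars($CURUSER['username']));
    // The new password is shown once to the staff member so it can be passed on to the user.
    stderr($lang['reset_pw_success'], '' . $lang['reset_pw_success1'] . ' <b>' . htmlsafechars($username) . '</b>' . $lang['reset_pw_success2'] . '<b>' . htmlsafechars($newpassword) . '</b>.');
    // The brace that closes this POST branch is not on this line of the page.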
} // end of a block that is still open when this line begins
$HTMLOUT .= "</table></div>";
$HTMLOUT .= "<div id='comments'>";
// The user-comments block is pulled in only when the viewer's block bitmask has the
// USERCOMMENTS bit set and the site-wide switch for it is on.
if (curuser::$blocks['userdetails_page'] & block_userdetails::USERCOMMENTS && $BLOCKS['userdetails_user_comments_on']) {
    require_once BLOCK_DIR . 'userdetails/usercomments.php';
}
$HTMLOUT .= "</div>";
$HTMLOUT .= "<div id='edit'>";
//==end blocks
// Inline script that swaps a plus/minus image and stores the matching state in a form field.
$HTMLOUT .= "<script type='text/javascript'>\n /*<![CDATA[*/\n function togglepic(bu, picid, formid){\n var pic = document.getElementById(picid);\n var form = document.getElementById(formid);\n \n if(pic.src == bu + '/pic/plus.gif') {\n pic.src = bu + '/pic/minus.gif';\n form.value = 'minus';\n }else{\n pic.src = bu + '/pic/plus.gif';\n form.value = 'plus';\n }\n }\n /*]]>*/\n </script>";
// The edit form is rendered only for staff who outrank the viewed user.
// NOTE(review): this only decides whether the form is shown; the handler behind
// staffpanel.php?tool=modtask has to repeat the class comparison on its own.
if ($CURUSER['class'] >= UC_STAFF && $user["class"] < $CURUSER['class']) {
    //$HTMLOUT .= begin_frame("Edit User", true);
    $HTMLOUT .= "<form method='post' action='staffpanel.php?tool=modtask'>\n";
    require_once CLASS_DIR . 'validator.php';
    // validatorForm() is defined in validator.php; its output is appended unescaped.
    $HTMLOUT .= validatorForm('ModTask_' . $user['id']);
    // Key derived from the target user id and the acting staff member's id, sent along as
    // a hidden field. It protects the request only if the receiving script compares the
    // submitted value - verify against the handler.
    $postkey = PostKey(array($user['id'], $CURUSER['id']));
    $HTMLOUT .= "<input type='hidden' name='action' value='edituser' />\n";
    // NOTE(review): $id is written into attribute values without escaping; it is assigned
    // outside this view - confirm it is an integer-cast id.
    $HTMLOUT .= "<input type='hidden' name='userid' value='{$id}' />\n";
    $HTMLOUT .= "<input type='hidden' name='postkey' value='{$postkey}' />\n";
    $HTMLOUT .= "<input type='hidden' name='returnto' value='userdetails.php?id={$id}' />\n";
    $HTMLOUT .= "\n <table class='main' border='1' cellspacing='0' cellpadding='5'>\n";
    // Every profile value below is user-controlled and passes through htmlsafechars()
    // before it is placed in an attribute or textarea.
    // NOTE(review): the attributes are single-quoted, so htmlsafechars() (defined elsewhere)
    // must escape single quotes as well - confirm.
    $HTMLOUT .= "<tr><td class='rowhead'>{$lang['userdetails_title']}</td><td colspan='2' align='left'><input type='text' size='60' name='title' value='"
        . htmlsafechars($user['title'])
        . "' /></td></tr>\n";
    $avatar = htmlsafechars($user["avatar"]);
    $HTMLOUT .= "<tr><td class='rowhead'>{$lang['userdetails_avatar_url']}</td><td colspan='2' align='left'><input type='text' size='60' name='avatar' value='{$avatar}' /></td></tr>\n";
    // Signature rights radio pair, a commented-out "view signatures" row kept inside an
    // HTML comment, then the signature text and the contact fields.
    $HTMLOUT .= "<tr>\n <td class='rowhead'>{$lang['userdetails_signature_rights']}</td>\n <td colspan='2' align='left'><input name='signature_post' value='yes' type='radio'"
        . ($user['signature_post'] == "yes" ? " checked='checked'" : "")
        . " />{$lang['userdetails_yes']}\n <input name='signature_post' value='no' type='radio'"
        . ($user['signature_post'] == "no" ? " checked='checked'" : "")
        . " />{$lang['userdetails_disable_signature']}</td></tr>\n <!--<tr><td class='rowhead'>{$lang['userdetails_view_signature']}</td>\n <td colspan='2' align='left'><input name='signatures' value='yes' type='radio'"
        . ($user['signatures'] == "yes" ? " checked='checked'" : "")
        . " />{$lang['userdetails_yes']}\n <input name='signatures' value='no' type='radio'"
        . ($user['signatures'] == "no" ? " checked='checked'" : "")
        . " /></td>\n </tr>-->\n <tr>\n <td class='rowhead'>{$lang['userdetails_signature']}</td>\n <td colspan='2' align='left'><textarea cols='60' rows='2' name='signature'>"
        . htmlsafechars($user['signature'])
        . "</textarea></td>\n </tr>\n \n <tr>\n <td class='rowhead'>{$lang['userdetails_gtalk']}</td>\n <td colspan='2' align='left'><input type='text' size='60' name='google_talk' value='"
        . htmlsafechars($user['google_talk'])
        . "' /></td>\n </tr>\n <tr>\n <td class='rowhead'>{$lang['userdetails_msn']}</td>\n <td colspan='2' align='left'><input type='text' size='60' name='msn' value='"
        . htmlsafechars($user['msn'])
        . "' /></td>\n </tr>\n <tr>\n <td class='rowhead'>{$lang['userdetails_aim']}</td>\n <td colspan='2' align='left'><input type='text' size='60' name='aim' value='"
        . htmlsafechars($user['aim'])
        . "' /></td>\n </tr>\n <tr>\n <td class='rowhead'>{$lang['userdetails_yahoo']}</td>\n <td colspan='2' align='left'><input type='text' size='60' name='yahoo' value='"
        . htmlsafechars($user['yahoo'])
        . "' /></td>\n </tr>\n <tr>\n <td class='rowhead'>{$lang['userdetails_icq']}</td>\n <td colspan='2' align='left'><input type='text' size='60' name='icq' value='"
        . htmlsafechars($user['icq'])
        . "' /></td>\n </tr>\n <tr>\n <td class='rowhead'>{$lang['userdetails_website']}</td>\n <td colspan='2' align='left'><input type='text' size='60' name='website' value='"
        . htmlsafechars($user['website'])
        . "' /></td>\n </tr>";
    //== we do not want mods to be able to change user classes or amount donated...
    // === Donor mod time based by snuggles
    // Donor controls are rendered only for the highest class (UC_MAX).
    // NOTE(review): as with the form itself, the handler has to enforce this limit too.
    if ($CURUSER["class"] == UC_MAX) {
        $donor = $user["donor"] == "yes";
        $HTMLOUT .= "<tr><td class='rowhead' align='right'><b>{$lang['userdetails_donor']}</b></td><td colspan='2' align='center'>";
        // The body of this branch continues past the end of this line of the page.
        if ($donor) {
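// Tail of a direct-access guard whose condition is above this view: print a static
// error page and stop.
$HTMLOUT .= "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n\t\t\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n\t\t<html xmlns='http://www.w3.org/1999/xhtml'>\n\t\t<head>\n\t\t<title>Error!</title>\n\t\t</head>\n\t\t<body>\n\t<div style='font-size:33px;color:white;background-color:red;text-align:center;'>Incorrect access<br />You cannot access this file directly.</div>\n\t</body></html>";
echo $HTMLOUT;
exit;
}
require_once INCL_DIR . 'user_functions.php';
require_once CLASS_DIR . 'page_verify.php';
require_once CLASS_DIR . 'class_check.php';
require_once INCL_DIR . 'function_autopost.php';
require_once CLASS_DIR . 'class_user_options.php';
require_once CLASS_DIR . 'class_user_options_2.php';
// Staff only.
class_check(UC_STAFF);
$lang = array_merge($lang, load_language('modtask'));
// page_verify is defined in page_verify.php; presumably this validates a page token
// issued for 'mdk1@@9' - confirm against that class.
$newpage = new page_verify();
$newpage->check('mdk1@@9');
$curuser_cache = $user_cache = $stats_cache = $user_stats_cache = '';
// NOTE(review): the key is rebuilt here from the submitted userid instead of being read
// from the submitted 'postkey' field. If the later CheckPostKey() call (outside this view)
// is given this variable, it compares a value with itself and the form token is never
// verified - confirm and compare against $_POST['postkey'] instead.
$postkey = PostKey(array($_POST['userid'], $CURUSER['id']));

/**
 * Delete the cache entry stored under 'user::torrent_pass:::<pass>'.
 *
 * @param string $torrent_pass pass whose cache entry should be dropped
 * @return false|null false when the value is rejected; nothing is returned after a delete
 */
function remove_torrent_pass($torrent_pass)
{
    // Functions do not inherit file-scope variables. Without this declaration $mc1 was
    // undefined here, so the delete failed for every accepted pass and the cache entry
    // for the old pass was left in place.
    global $mc1;
    // NOTE(review): bin2hex() returns a non-empty string for any non-empty input, so the
    // second test never rejects anything; only the length test is effective. If a pass is
    // meant to be 32 hex digits, ctype_xdigit() would express that - confirm the pass
    // format before tightening it.
    if (strlen($torrent_pass) != 32 || !bin2hex($torrent_pass)) {
        return false;
    }
    $key = 'user::torrent_pass:::' . $torrent_pass;
    $mc1->delete_value($key);
}

/**
 * Append one line to the infolog table, stamped with TIME_NOW.
 *
 * @param string $text message to store; quoted with sqlesc() before it reaches the query
 */
function write_info($text)
{
    $text = sqlesc($text);
    $added = TIME_NOW;
    sql_query("INSERT INTO infolog (added, txt) VALUES({$added}, {$text})") or sqlerr(__FILE__, __LINE__);
}

// The body of resize_image() is beyond the end of this view.
function resize_image($in)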