Ejemplo n.º 1
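require_once CLASS_DIR . 'class_check.php';
// Access gate: the class required for this tool is looked up from the requested
// script name and enforced before any request data is processed.
$class = get_access(basename($_SERVER['REQUEST_URI']));
class_check($class);
$lang = array_merge($lang, load_language('ad_reset'));
//== Reset Lost Password
// Staff-initiated reset: generates a new random password for a lower-class user,
// stores the new secret/passhash, refreshes the cached user rows and shows the
// new password once to the staff member who requested the reset.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $username = trim(htmlsafechars($_POST['username'] ?? ''));
    $uid = (int) ($_POST['uid'] ?? 0);

    // The request-key check now runs before any state is changed.
    // NOTE(review): the key is derived here from the same values it is then
    // checked against, so as written it does not prove the request came from a
    // form this site rendered. Confirm whether the form posts a key that should
    // be verified instead.
    $postkey = PostKey(array($uid, $CURUSER['id']));
    if (CheckPostKey(array($uid, $CURUSER['id']), $postkey) == false) {
        stderr($lang['reset_stderr2'], $lang['reset_stderr3']);
    }

    $secret = mksecret();
    // Passwords are credentials: draw them from the CSPRNG (random_int), not
    // mt_rand(), whose output is predictable once its state is recovered.
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $lastIndex = strlen($chars) - 1;
    $newpassword = '';
    for ($i = 0; $i < 10; $i++) {
        $newpassword .= $chars[random_int(0, $lastIndex)];
    }
    // NOTE(review): the stored hash is whatever make_passhash() builds from the
    // secret and an MD5 of the password. MD5 is a fast digest; migrating to
    // password_hash() would have to happen in make_passhash() and the login path.
    $passhash = make_passhash($secret, md5($newpassword));

    // NOTE(review): the username operand of this query was masked ('******') in
    // the published listing; sqlesc($username) is a reconstruction. Verify it
    // against the project source.
    // The `class <` condition stops staff from resetting peers or superiors; the
    // class value is cast so only an integer can reach the SQL text.
    $res = sql_query('UPDATE users SET secret=' . sqlesc($secret) . ', passhash=' . sqlesc($passhash) . ' WHERE username=' . sqlesc($username) . ' AND id=' . sqlesc($uid) . ' AND class<' . (int) $CURUSER['class']) or sqlerr(__FILE__, __LINE__);

    // Check the outcome before touching the cache. Previously the cached rows
    // were overwritten even when the UPDATE matched nothing (wrong username, or
    // a target of equal or higher class), leaving cache and database out of sync
    // for an account the caller was not allowed to reset. This relies on
    // stderr() ending the request, as the original control flow also assumes.
    if (mysqli_affected_rows($GLOBALS["___mysqli_ston"]) != 1) {
        stderr($lang['reset_stderr'], $lang['reset_stderr1']);
    }

    $mc1->begin_transaction('MyUser_' . $uid);
    $mc1->update_row(false, array('secret' => $secret, 'passhash' => $passhash));
    $mc1->commit_transaction($INSTALLER09['expires']['curuser']);
    $mc1->begin_transaction('user' . $uid);
    $mc1->update_row(false, array('secret' => $secret, 'passhash' => $passhash));
    $mc1->commit_transaction($INSTALLER09['expires']['user_cache']);

    // Audit trail names the target and the acting staff member; the new password
    // itself is not written to the log.
    write_log($lang['reset_pwreset'], $lang['reset_pw_log1'] . htmlsafechars($username) . $lang['reset_pw_log2'] . htmlsafechars($CURUSER['username']));
    // The plaintext password appears only in this response page.
    stderr($lang['reset_pw_success'], '' . $lang['reset_pw_success1'] . ' <b>' . htmlsafechars($username) . '</b>' . $lang['reset_pw_success2'] . '<b>' . htmlsafechars($newpassword) . '</b>.');
}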
// Close the previous panel and open the comments panel.
$HTMLOUT .= "</table></div><div id='comments'>";
// The user-comments block is included only when the viewer's per-page block
// bitmask has the USERCOMMENTS bit set and the site-wide switch is on.
if ((curuser::$blocks['userdetails_page'] & block_userdetails::USERCOMMENTS) && $BLOCKS['userdetails_user_comments_on']) {
    require_once BLOCK_DIR . 'userdetails/usercomments.php';
}
// Close the comments panel and open the edit panel.
$HTMLOUT .= "</div><div id='edit'>";
//==end blocks
// Inline helper script: togglepic() swaps a plus/minus icon and mirrors the
// state into a form field. The markup is static; no request data is interpolated.
$HTMLOUT .= "<script type='text/javascript'>\n"
    . "       /*<![CDATA[*/\n"
    . "       function togglepic(bu, picid, formid){\n"
    . "              var pic = document.getElementById(picid);\n"
    . "              var form = document.getElementById(formid);\n"
    . "           \n"
    . "              if(pic.src == bu + '/pic/plus.gif')   {\n"
    . "                    pic.src = bu + '/pic/minus.gif';\n"
    . "                    form.value = 'minus';\n"
    . "              }else{\n"
    . "                    pic.src = bu + '/pic/plus.gif';\n"
    . "                    form.value = 'plus';\n"
    . "              }\n"
    . "       }\n"
    . "       /*]]>*/\n"
    . "       </script>";
if ($CURUSER['class'] >= UC_STAFF && $user["class"] < $CURUSER['class']) {
    //$HTMLOUT .= begin_frame("Edit User", true);
    $HTMLOUT .= "<form method='post' action='staffpanel.php?tool=modtask'>\n";
    require_once CLASS_DIR . 'validator.php';
    $HTMLOUT .= validatorForm('ModTask_' . $user['id']);
    $postkey = PostKey(array($user['id'], $CURUSER['id']));
    $HTMLOUT .= "<input type='hidden' name='action' value='edituser' />\n";
    $HTMLOUT .= "<input type='hidden' name='userid' value='{$id}' />\n";
    $HTMLOUT .= "<input type='hidden' name='postkey' value='{$postkey}' />\n";
    $HTMLOUT .= "<input type='hidden' name='returnto' value='userdetails.php?id={$id}' />\n";
    $HTMLOUT .= "\n         <table class='main' border='1' cellspacing='0' cellpadding='5'>\n";
    $HTMLOUT .= "<tr><td class='rowhead'>{$lang['userdetails_title']}</td><td colspan='2' align='left'><input type='text' size='60' name='title' value='" . htmlsafechars($user['title']) . "' /></td></tr>\n";
    $avatar = htmlsafechars($user["avatar"]);
    $HTMLOUT .= "<tr><td class='rowhead'>{$lang['userdetails_avatar_url']}</td><td colspan='2' align='left'><input type='text' size='60' name='avatar' value='{$avatar}' /></td></tr>\n";
    $HTMLOUT .= "<tr>\n    <td class='rowhead'>{$lang['userdetails_signature_rights']}</td>\n    <td colspan='2' align='left'><input name='signature_post' value='yes' type='radio'" . ($user['signature_post'] == "yes" ? "    checked='checked'" : "") . " />{$lang['userdetails_yes']}\n    <input name='signature_post' value='no' type='radio'" . ($user['signature_post'] == "no" ? " checked='checked'" : "") . " />{$lang['userdetails_disable_signature']}</td></tr>\n   <!--<tr><td class='rowhead'>{$lang['userdetails_view_signature']}</td>\n   <td colspan='2' align='left'><input name='signatures' value='yes' type='radio'" . ($user['signatures'] == "yes" ? " checked='checked'" : "") . " />{$lang['userdetails_yes']}\n   <input name='signatures' value='no' type='radio'" . ($user['signatures'] == "no" ? " checked='checked'" : "") . " /></td>\n   </tr>-->\n               <tr>\n                      <td class='rowhead'>{$lang['userdetails_signature']}</td>\n                      <td colspan='2' align='left'><textarea cols='60' rows='2' name='signature'>" . htmlsafechars($user['signature']) . "</textarea></td>\n                </tr>\n     \n                <tr>\n                      <td class='rowhead'>{$lang['userdetails_gtalk']}</td>\n                      <td colspan='2' align='left'><input type='text' size='60' name='google_talk' value='" . htmlsafechars($user['google_talk']) . "' /></td>\n                </tr>\n                <tr>\n                      <td class='rowhead'>{$lang['userdetails_msn']}</td>\n                      <td colspan='2' align='left'><input type='text' size='60' name='msn' value='" . htmlsafechars($user['msn']) . "' /></td>\n                </tr>\n                <tr>\n                      <td class='rowhead'>{$lang['userdetails_aim']}</td>\n                      <td colspan='2' align='left'><input type='text' size='60' name='aim' value='" . htmlsafechars($user['aim']) . 
"' /></td>\n                </tr>\n                <tr>\n                      <td class='rowhead'>{$lang['userdetails_yahoo']}</td>\n                      <td colspan='2' align='left'><input type='text' size='60' name='yahoo' value='" . htmlsafechars($user['yahoo']) . "' /></td>\n                </tr>\n                <tr>\n                      <td class='rowhead'>{$lang['userdetails_icq']}</td>\n                      <td colspan='2' align='left'><input type='text' size='60' name='icq' value='" . htmlsafechars($user['icq']) . "' /></td>\n                </tr>\n                <tr>\n                      <td class='rowhead'>{$lang['userdetails_website']}</td>\n                      <td colspan='2' align='left'><input type='text' size='60' name='website' value='" . htmlsafechars($user['website']) . "' /></td>\n                </tr>";
    //== we do not want mods to be able to change user classes or amount donated...
    // === Donor mod time based by snuggles
    if ($CURUSER["class"] == UC_MAX) {
        $donor = $user["donor"] == "yes";
        $HTMLOUT .= "<tr><td class='rowhead' align='right'><b>{$lang['userdetails_donor']}</b></td><td colspan='2' align='center'>";
        if ($donor) {
Ejemplo n.º 3
    $HTMLOUT .= "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n\t\t\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n\t\t<html xmlns='http://www.w3.org/1999/xhtml'>\n\t\t<head>\n\t\t<title>Error!</title>\n\t\t</head>\n\t\t<body>\n\t<div style='font-size:33px;color:white;background-color:red;text-align:center;'>Incorrect access<br />You cannot access this file directly.</div>\n\t</body></html>";
    echo $HTMLOUT;
    exit;
}
require_once INCL_DIR . 'user_functions.php';
require_once CLASS_DIR . 'page_verify.php';
require_once CLASS_DIR . 'class_check.php';
require_once INCL_DIR . 'function_autopost.php';
require_once CLASS_DIR . 'class_user_options.php';
require_once CLASS_DIR . 'class_user_options_2.php';
// Only staff (UC_STAFF or above) may reach the moderation task handler.
class_check(UC_STAFF);
$lang = array_merge($lang, load_language('modtask'));
// Page-verification token for this handler; what check() enforces is defined in
// page_verify.php, which is not shown here.
$newpage = new page_verify();
$newpage->check('mdk1@@9');
// Accumulators for cache changes, all starting out as empty strings.
$user_stats_cache = '';
$stats_cache = $user_stats_cache;
$user_cache = $stats_cache;
$curuser_cache = $user_cache;
// Key derived from the posted target user id and the acting staff member's id.
// NOTE(review): presumably compared later against a key submitted with the form;
// that comparison is not visible in this excerpt.
$postkey = PostKey([$_POST['userid'], $CURUSER['id']]);
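/**
 * Delete the cache entry keyed by a user's torrent passkey.
 *
 * @param string $torrent_pass Passkey; must be a string of exactly 32 bytes.
 * @return false|null false when the passkey is rejected, null otherwise.
 */
function remove_torrent_pass($torrent_pass)
{
    // The cache handle lives in script scope. Without this declaration $mc1 is
    // undefined inside the function and the delete call below fails on null.
    global $mc1;
    // The former `!bin2hex(...)` test could never reject a 32-byte string,
    // because bin2hex() of non-empty input is always a non-empty (truthy) string.
    // NOTE(review): if passkeys are hex digests, ctype_xdigit() is probably the
    // check that was intended before the value is used in a cache key - confirm.
    if (!is_string($torrent_pass) || strlen($torrent_pass) !== 32) {
        return false;
    }
    $mc1->delete_value('user::torrent_pass:::' . $torrent_pass);
}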
/**
 * Append one entry to the infolog table, stamped with TIME_NOW.
 *
 * @param string $text Message to record. It is passed through sqlesc() before
 *                     being placed in the statement (presumably quoting and
 *                     escaping it; sqlesc() is defined elsewhere).
 */
function write_info($text)
{
    $query = 'INSERT INTO infolog (added, txt) VALUES(' . TIME_NOW . ', ' . sqlesc($text) . ')';
    sql_query($query) or sqlerr(__FILE__, __LINE__);
}
function resize_image($in)