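/**
 * Completes a password reset: checks the (uid, key, stamp) triple from the
 * reset link against uo_chat_newpass, generates a new password, stores its
 * hash, e-mails the plaintext to the account's address and appends a line to
 * the chat's action log. Progress and errors are echoed as HTML.
 *
 * Security notes for maintainers:
 *  - Passwords are stored as unsalted MD5 because the login code in this file
 *    appears to compare MD5 digests. MD5 is not an acceptable password hash;
 *    moving to password_hash()/password_verify() needs a coordinated change
 *    to the login path and a rehash-on-login migration.
 *  - The new password is mailed in plaintext and Bcc'd to the master address.
 *    A set-your-own-password link would avoid both exposures.
 *  - RandomPass() is defined elsewhere; NOTE(review): confirm that it draws
 *    from a CSPRNG (random_bytes()/random_int() or openssl_random_pseudo_bytes()).
 *  - The mysql_* extension was removed in PHP 7. The interpolated values below
 *    are constrained (intval, \w+ regex, date() output); a port to mysqli or
 *    PDO should use prepared statements instead of relying on that.
 *
 * @param int|string $uid   User id from the reset link.
 * @param string     $key   Reset token from the link; word characters only.
 * @param string     $stamp Token timestamp from the link; anything strtotime() accepts.
 *
 * @return int|null -1 on any failure (a message has been echoed); null on success.
 */
function NewPass($uid, $key, $stamp)
{
    global $handler, $master_name_filter, $master_name, $master_email;

    // Reset tokens are valid for 15 minutes; purge expired ones before looking anything up.
    mysql_query("DELETE FROM uo_chat_newpass WHERE pass_stamp < DATE_SUB(now(), INTERVAL 15 MINUTE)", $handler);

    // \z instead of $: "$" would also accept a key with a trailing newline.
    // The is_string() guard rejects array input such as key[]=x.
    if (!is_string($key) || !preg_match('@^\\w+\\z@', $key)) {
        // The key is attacker-controlled and is reflected into HTML: escape it.
        $shown = is_string($key) ? htmlspecialchars($key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : '';
        echo "<p>Invalid key '{$shown}'.<br>\n";
        return -1;
    }

    $uid = intval($uid);
    // Normalising through date() leaves only digits, '-', ':' and a space in $stamp.
    $stamp = date('Y-m-d H:i:s', strtotime($stamp));

    $result = mysql_query("SELECT pass_uid, pass_key, pass_stamp\n\t\tFROM uo_chat_newpass\n\t\tWHERE pass_uid={$uid} AND pass_key='" . $key . "' AND pass_stamp='" . $stamp . "'", $handler);
    // A failed query is handled like "no matching token" instead of passing false on.
    $verify = $result ? mysql_fetch_assoc($result) : false;
    if ($result) {
        mysql_free_result($result);
    }

    // Re-check the row in PHP with strict comparisons. Loose != treats
    // numeric-looking strings such as "0e12" and "0e34" as equal, and the SQL
    // match may be case-insensitive depending on the column collation.
    if (empty($verify['pass_uid']) || intval($verify['pass_uid']) !== $uid) {
        echo "<p>Invalid or expired reset link.<br>\n";
        return -1;
    }
    if (empty($verify['pass_key']) || (string) $verify['pass_key'] !== $key) {
        echo "<p>Invalid or expired reset link.<br>\n";
        return -1;
    }
    if (empty($verify['pass_stamp']) || (string) $verify['pass_stamp'] !== $stamp) {
        echo "<p>Invalid or expired reset link.<br>\n";
        return -1;
    }

    $result = mysql_query("SELECT chat, uid, username, email\n\t\tFROM uo_chat_database\n\t\tWHERE uid={$uid}", $handler);
    $cuser = $result ? mysql_fetch_assoc($result) : false;
    if ($result) {
        mysql_free_result($result);
    }

    if (empty($cuser['username']) || intval($cuser['uid']) !== $uid) {
        echo "<p>User {$uid} was not found in the database.<br>\n";
        return -1;
    }
    if (strlen($cuser['email']) < 5 || strpos($cuser['email'], '@') === false) {
        echo "<p>User {$uid} doesn't have an email. \nImpossible to send new password.<br>\n";
        return -1;
    }

    // These values come from the database but end up in mail headers, a file
    // path and a log line. Drop CR/LF/NUL so a stored value cannot add header
    // lines or forge log entries.
    $breaks = array("\r", "\n", "\0");
    $chat = str_replace($breaks, '', trim(substr($cuser['chat'], 4)));
    $username = str_replace($breaks, '', trim($cuser['username']));
    $email = str_replace($breaks, '', trim($cuser['email']));

    $newpass = RandomPass();
    $md5pass = md5($newpass); // unsalted MD5: see the security notes above

    // Store the digest of the password that is about to be mailed. The page
    // showed a masked literal here while $md5pass was computed and never
    // used, so the stored value could not have matched the mailed password.
    $updated = mysql_query("UPDATE uo_chat_database SET password='{$md5pass}' WHERE uid={$uid}", $handler);
    if (!$updated) {
        // Do not mail a password that was not saved; the token stays valid for a retry.
        echo "<p>Could not store the new password. Please try again.<br>\n";
        return -1;
    }

    // Tokens are single-use: drop every pending token for this user.
    mysql_query("DELETE FROM uo_chat_newpass WHERE pass_uid={$uid}", $handler);

    $username = ucwords($username);

    $headers = '';
    $headers .= "From: {$master_name} <{$master_email}>\n";
    $headers .= "Reply-To: {$master_name} <{$master_email}>\n";
    $headers .= "Bcc: {$master_name} <{$master_email}>\n";

    $subject = "pJJ: New password for '{$username}' of /{$chat}";
    $message = <<<XBODY
New password for user {$username} (uid:{$cuser['uid']}):
{$newpass}

--
pJJ Chats
XBODY;

    // NOTE(review): $username is used as the display name of the recipient;
    // presumably registration restricts its character set - confirm.
    mail("{$username} <{$email}>", $subject, $message, $headers);

    // The original referenced an undefined local $ip; take the client address from the request.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $logline = stripslashes(date("F d, Y T - H:i:s") . ": New password generated for user '{$username}' - {$ip}\n");

    // $chat is interpolated into a filesystem path: refuse parent-directory
    // segments and check fopen() before writing.
    $fc = (strpos($chat, '..') === false)
        ? @fopen("../{$chat}/register/wizard_locked/actionlog.log", "ab")
        : false;
    if ($fc) {
        fwrite($fc, $logline);
        fclose($fc);
    } else {
        // Keep an audit trail even when the per-chat log cannot be opened.
        error_log('NewPass: action log unavailable; ' . rtrim($logline));
    }

    $shownUser = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $shownMail = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<p>New password generated for user '{$shownUser}', and emailed to {$shownMail}.<br>\n";
}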
if (strlen($password) != 32) { $_SESSION[$realpath]['user']['password'] = md5($password); } else { $_SESSION[$realpath]['user']['password'] = $password; } } echo '<h2>Logged in as ', $login, '</h2>', "\n"; echo "<p><br><FORM ACTION='login.php' METHOD='POST'>"; if ($adminaction) { if ($adminaction == "adduser") { $new_name = $_REQUEST['new_name']; $new_pass = $_REQUEST['new_pass']; $new_level = $_REQUEST['new_level']; if ($new_name && $new_pass && $new_level) { if ($new_pass == "random") { $new_pass = RandomPass(8); } $new_mail = $_REQUEST['new_mail']; $message = $_REQUEST['message']; $subject = $_REQUEST['subject']; if ($message && $subject && $new_email) { mail($new_email, $subject, $message, "From: {$master_email}\nReply-To: {$cadmin}\nBCC: {$master_email}\nX-pJJ-IP: {$_SERVER['REMOTE_ADDR']}\nX-pJJ-Chat: https://pjj.cc/{$chatpath}/\nX-pJJ-Auth: {$_REQUEST['login']}\n"); echo "Mail sent to {$new_email}."; } else { $new_faction = $_REQUEST['new_faction']; if (empty($new_faction)) { $new_faction = "0"; } if (AddUser($login, $password, trim($new_name), trim($new_pass), trim($new_faction), trim($new_email), trim($new_level), $chatpath) >= 1) { if ($ruid) { count_mysql_query("UPDATE uo_chat_regapps SET appstat=1 WHERE chat='{$chatpath}' AND id='{$ruid}'", $handler);