Ejemplo n.º 1
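/**
 * Create a new user account from the "new user" form and mail the welcome
 * template to the supplied address.
 *
 * Reads $_POST['username'], $_POST['pass1'], $_POST['pass2'] and
 * $_POST['email']; every failed check is reported through makeNotice().
 * Relies on the globals $DB, $MySelf, $MB_EMAIL and $SITENAME.
 *
 * @return void
 */
function addNewUser()
{
    global $DB;
    global $MySelf;
    global $MB_EMAIL;
    global $SITENAME;

    /* Authorization first: nothing below should run for a caller who may
     * not create accounts (the original only checked this after parsing the
     * form). Level 3+ is needed.
     */
    if (!$MySelf->canAddUser()) {
        makeNotice("You are not authorized to do that!", "error", "Forbidden");
    }

    // Name of the account doing the creation (the {{CREATOR}} of the mail).
    // getUsername is a method; the original read it as a property, which
    // yields null and left the placeholder empty.
    $USERNAME = $MySelf->getUsername();

    // Requested username, lower-cased. Keys are quoted: a bare
    // $_POST[username] is an undefined constant (a fatal error since PHP 8).
    $NEW_USER = strtolower(sanitize($_POST['username']));
    if (!ctypeAlnum($NEW_USER)) {
        makeNotice("Only characters a-z, A-Z and 0-9 are allowed as username.", "error", "Invalid Username");
    }

    /* Password business: both fields must match. */
    if ($_POST['pass1'] != $_POST['pass2']) {
        makeNotice("The passwords did not match!", "warning", "Passwords invalid", "index.php?action=newuser", "[retry]");
    }
    $PASSWORD = encryptPassword("{$_POST['pass1']}");
    $PASSWORD_ENC = $PASSWORD;

    // Prevent adding multiple users with the same name.
    if (userExists($NEW_USER) >= 1) {
        makeNotice("User already exists!", "error", "Duplicate User", "index.php?action=newuser", "[Cancel]");
    }

    // An email address is mandatory.
    if (empty($_POST['email'])) {
        makeNotice("You need to supply an email address!", "error", "Account not created");
    } else {
        $NEW_EMAIL = sanitize($_POST['email']);
    }

    // Insert the new user; the values are bound, not interpolated.
    $DB->query("insert into users (username, password, email, addedby, confirmed) " . "values (?, ?, ?, ?, ?)", array("{$NEW_USER}", "{$PASSWORD_ENC}", "{$NEW_EMAIL}", $USERNAME, "1"));

    // No row written: report and stop (no mail is sent).
    if ($DB->affectedRows() == 0) {
        makeNotice("Could not create user!", "error");
        return;
    }

    // Fill the welcome template.
    $mail = getTemplate("newuser", "email");
    $mail = str_replace('{{USERNAME}}', "{$NEW_USER}", $mail);
    // NOTE(review): {{PASSWORD}} receives the encryptPassword() output, not
    // the typed password; if that function is reversible the credential is
    // mailed in a recoverable form — confirm what the template expects.
    $mail = str_replace('{{PASSWORD}}', "{$PASSWORD}", $mail);
    // NOTE(review): HTTP_HOST is taken from the request's Host header, so the
    // link in the mail follows whatever host the request named; a configured
    // site URL would be the safer source.
    $mail = str_replace('{{SITE}}', "http://" . $_SERVER['HTTP_HOST'] . "/", $mail);
    $mail = str_replace('{{CORP}}', "{$SITENAME}", $mail);
    $mail = str_replace('{{CREATOR}}', "{$USERNAME}", $mail);

    $subject = "Welcome to MiningBuddy";
    $headers = "From:" . $MB_EMAIL;
    mail($NEW_EMAIL, $subject, $mail, $headers);
    makeNotice("User added and confirmation email sent.", "notice", "Account created", "index.php?action=editusers");
}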
Ejemplo n.º 2
/**
 * Register a new User record unless the login name or the e-mail address
 * is already taken.
 *
 * @param string $username used both as display name and login name
 * @param string $email
 * @param string $password stored as the encryptPassword() result
 * @param string $avatar
 * @param string $steamid
 * @return bool TRUE when the record was saved, FALSE when the login name
 *              or the e-mail already exists (loose comparison, as before)
 */
function addUser($username, $email, $password, $avatar, $steamid)
{
    // Login name already present?
    if (checkUserLogin($username) != FALSE) {
        return FALSE;
    }
    // E-mail already present?
    if (checkEmail($email) != FALSE) {
        return FALSE;
    }
    // Both free: build and persist the account.
    $account = new User();
    $account->username = $username;
    $account->loginname = $username;
    $account->password = encryptPassword($password);
    $account->email = $email;
    $account->avatar = $avatar;
    $account->steamid = $steamid;
    $account->save();
    return TRUE;
}
Ejemplo n.º 3
/**
 * Register the user described by the POSTed form and start a session for it.
 *
 * Reads $_POST['userName'], ['email'], ['userFirstName'], ['userLastName'].
 * The verifyUser()/registerNewUser() results are arrays with a 'status'
 * key; anything other than 'COMPLETE' is echoed as JSON and terminates the
 * script via die(). On success the result is echoed as JSON after
 * startSession().
 *
 * NOTE(review): encryptPassword() is called without an argument here, so it
 * presumably reads the password from the request itself — confirm.
 */
function registerUser()
{
    $userName = $_POST['userName'];
    # Stop early when the username is already in the database.
    $check = verifyUser($userName);
    if ($check['status'] != 'COMPLETE') {
        # Username already exists
        die(json_encode($check));
    }
    $email = $_POST['email'];
    $userFirstName = $_POST['userFirstName'];
    $userLastName = $_POST['userLastName'];
    $userPassword = encryptPassword();
    # Insert the new user into the database.
    $insert = registerNewUser($userFirstName, $userLastName, $userName, $email, $userPassword);
    if ($insert['status'] != 'COMPLETE') {
        # Something went wrong while inserting the new user
        die(json_encode($insert));
    }
    # Insertion succeeded: open the session and report back.
    startSession($userFirstName, $userLastName, $userName);
    echo json_encode($insert);
}
Ejemplo n.º 4
 /**
  * Persist the sign-up form as a new row and attach the application
  * component values to it.
  *
  * On a valid form the username/email from $_POST, the encryptPassword()
  * result (its 'password' and 'salt' entries go into the "password" and
  * "password2" columns), the current time and the global $IP_ADDRESS are
  * written through addNew(); then every app_components row is selected
  * and saveAppValue() is called with this record's key, and the managers
  * are notified. On an invalid form $_POST is run through filterArray(),
  * optionally pre-filled back into the form, and $_POST['submit'] is
  * cleared.
  *
  * @return bool true only when addNew() succeeded
  */
 public function save()
 {
     global $IP_ADDRESS;

     if (!$this->objSignUpForm->validate()) {
         // Invalid submission: scrub the posted data and show the form again.
         $_POST = filterArray($_POST);
         if ($this->objSignUpForm->prefillValues) {
             $this->objSignUpForm->prefillPostedValues();
         }
         $_POST['submit'] = false;
         return false;
     }

     $credentials = encryptPassword($_POST['password']);
     $columns = ["username", "password", "password2", "email", "applydate", "ipaddress"];
     $values = [$_POST['username'], $credentials['password'], $credentials['salt'], $_POST['email'], time(), $IP_ADDRESS];
     if (!$this->addNew($columns, $values)) {
         return false;
     }

     // Record an app value for every component, highest ordernum first.
     $components = $this->MySQL->query("SELECT appcomponent_id FROM " . $this->MySQL->get_tablePrefix() . "app_components ORDER BY ordernum DESC");
     while ($row = $components->fetch_assoc()) {
         $this->objAppComponent->select($row['appcomponent_id']);
         $this->objAppComponent->saveAppValue($this->intTableKeyValue);
     }
     $this->notifyManagers();
     return true;
 }
 /**
  * FTP client login action.
  *
  * On a POST carrying a password: the server is resolved from
  * $_POST['server_id'] (404 when unknown), the net2ftp defines and includes
  * are loaded, the encryptPassword() result is stored in the session and
  * the request is redirected to ftpClient/browse. Otherwise the 'login'
  * view is rendered with the servers the current FTP user is linked to.
  *
  * @param int $id server id from the route; overwritten by the posted
  *                server_id on POST
  * @throws CHttpException 404 when the posted server does not exist
  */
 public function actionLogin($id = 0)
 {
     if (isset($_POST['password'])) {
         $pw = $_POST['password'];
         // The posted server id takes precedence over the route parameter.
         $id = (int) $_POST['server_id'];
         $server = Server::model()->findByPk((int) $id);
         if (!$server) {
             throw new CHttpException(404, Yii::t('mc', 'The requested page does not exist.'));
         }
         // NOTE(review): only the server's existence is checked on this path;
         // whether the current user is linked to it (the ftp_user_server join
         // used for the GET branch below) is not verified here — confirm that
         // getFtpServer() or the browse action enforces it.
         $this->net2FtpDefines();
         // Declared before the includes so the net2ftp files bind the same globals.
         global $net2ftp_result, $net2ftp_settings, $net2ftp_globals;
         require_once dirname(__FILE__) . '/../extensions/net2ftp/main.inc.php';
         require_once dirname(__FILE__) . '/../extensions/net2ftp/includes/authorizations.inc.php';
         $ftpSv = $this->getFtpServer($server);
         if (strlen($pw)) {
             // Non-empty password: keep the encrypted form in the session and
             // drop the per-server entry keyed by ip + username, presumably so
             // the new value is used on the next browse.
             // NOTE(review): whether encryptPassword() is reversible (net2ftp
             // needs the clear password to log in to the FTP server) cannot be
             // told from here.
             $_SESSION['net2ftp_password_encrypted'] = encryptPassword($pw);
             $sessKey = 'net2ftp_password_encrypted_' . $ftpSv['ip'] . $this->getUsername($server);
             unset($_SESSION[$sessKey]);
         }
         Yii::log('Logging in to FTP server for server ' . $id);
         $this->redirect(array('ftpClient/browse', 'id' => $id));
     }
     // No password posted: build the server list for the login view.
     $ftpUser = FtpUser::model()->findByAttributes(array('name' => Yii::app()->user->name));
     $daemons = array();
     $serverList = array();
     $sel = Yii::t('mc', 'Please select a server');
     if ($ftpUser) {
         // Servers joined through ftp_user_server whose perms column is non-empty.
         $c = new CDbCriteria();
         $c->join = 'join `ftp_user_server` on `t`.`id`=`server_id`';
         $c->condition = '`user_id`=? and `perms`!=\'\'';
         $c->params = array((int) $ftpUser->id);
         $svs = Server::model()->findAll($c);
         $serverList = array(0 => Yii::t('mc', 'Select'));
         foreach ($svs as $sv) {
             // FTP endpoint from the server's daemon; the 'ip' slot doubles as
             // the error text when the daemon is missing or lacks ftp_ip/ftp_port.
             $dmn = Daemon::model()->findByPk($sv->daemon_id);
             $dmnInfo = array('ip' => '', 'port' => '');
             if (!$dmn) {
                 $dmnInfo['ip'] = Yii::t('mc', 'No daemon found for this server.');
             } else {
                 if (isset($dmn->ftp_ip) && isset($dmn->ftp_port)) {
                     $dmnInfo = array('ip' => $dmn->ftp_ip, 'port' => $dmn->ftp_port);
                 } else {
                     $dmnInfo['ip'] = Yii::t('mc', 'Daemon database not up to date, please run the Multicraft installer.');
                 }
             }
             $daemons[$sv->id] = $dmnInfo;
             $serverList[$sv->id] = $sv->name;
         }
     } else {
         $serverList = array(0 => Yii::t('mc', 'No FTP account found'));
         $sel = Yii::t('mc', 'See the "Users" menu of your server for a list of FTP accounts');
     }
     // 'havePw' only tells the view whether a session password exists; the value itself is not passed.
     $this->render('login', array('id' => $id, 'havePw' => isset($_SESSION['net2ftp_password_encrypted']), 'serverList' => $serverList, 'daemons' => $daemons, 'sel' => $sel));
 }
Ejemplo n.º 6
 /**
  * Store a new password for the record this object is bound to.
  *
  * The encryptPassword() result supplies the "password" column and, via its
  * 'salt' entry, the "password2" column.
  *
  * @param string $new_password
  * @return bool false when no record key is set or update() fails
  */
 function set_password($new_password)
 {
     // Nothing to update unless the object points at a row.
     if ($this->intTableKeyValue == "") {
         return false;
     }
     $credentials = encryptPassword($new_password);
     return (bool) $this->update(array("password", "password2"), array($credentials['password'], $credentials['salt']));
 }
Ejemplo n.º 7
/**
 * Validate a sign-up request and create the user.
 *
 * Checks run in form order and the first failure is returned as a message;
 * after that the username must be free and the two passwords equal. The new
 * user gets role id 3 (normal user), department id 1 (root department) and
 * the default photo.
 *
 * @return true|string true on success, otherwise the error message
 */
function execSignup($username, $password, $confirmpw, $firstname, $lastname, $gender)
{
    // value, validator, message — first failing entry wins.
    $checks = array(
        array($username, 'isValidUsername', "Username is empty or invalid!"),
        array($password, 'isValidPassword', "Password is empty or invalid!"),
        array($confirmpw, 'isValidPassword', "Confirm Password is empty or invalid!"),
        array($firstname, 'isValidName', "First Name is empty or invalid!"),
        array($lastname, 'isValidName', "Last Name is empty or invalid!"),
        array($gender, 'isValidGender', "Gender is empty or invalid!"),
    );
    foreach ($checks as $check) {
        list($value, $isValid, $message) = $check;
        if ($value == "" || !$isValid($value)) {
            return $message;
        }
    }

    $userDAO = new UserDAO();
    // The username must not be taken.
    if ($userDAO->getUserByUsername($username) !== null) {
        return "Username exists, please change to another one!";
    }
    // Both password fields must agree (loose comparison, as before).
    if ($password != $confirmpw) {
        return "Password and Confirm Password must be same!";
    }

    $roleDAO = new RoleDAO();
    $role = $roleDAO->getRoleByID(3);          // normal user
    $departmentDAO = new DepartmentDAO();
    $depart = $departmentDAO->getDepartmentByID(1);  // root department

    $user = new User($role, $depart, $username, encryptPassword($password), $firstname, $lastname, $gender, "photo/default.png");
    if ($userDAO->insertUser($user) === true) {
        return true;
    }
    return "Insert user into table error, please contact administrator!";
}
Ejemplo n.º 8
/**
 * Change the password of the user in $_SESSION["userID"].
 *
 * Requires all three fields, a valid old and new password, matching new
 * passwords, and verifyPassword() to accept the old one against the stored
 * value; the new password is stored as the encryptPassword() result.
 *
 * @param string $password    current password
 * @param string $newpassword replacement
 * @param string $confirmpw   replacement, typed again
 * @return true|string true on success, otherwise the error message
 */
function execChangePW($password, $newpassword, $confirmpw)
{
    foreach (array($password, $newpassword, $confirmpw) as $field) {
        if ($field == "") {
            return "Please fill all the necessary information!";
        }
    }
    if (!(isValidPassword($password) && isValidPassword($newpassword))) {
        return "Please enter a valid password!";
    }
    if ($newpassword !== $confirmpw) {
        return "The new password and the confirmed new password must be the same!";
    }

    $userDAO = new UserDAO();
    $account = $userDAO->getUserByID($_SESSION["userID"]);
    if (!verifyPassword($password, $account->getPassword())) {
        return "The old password you entered is not correct!";
    }
    $account->setPassword(encryptPassword($newpassword));
    $userDAO->updateUser($account);
    return true;
}
Ejemplo n.º 9
/**
 * Change the logged-in user's own password from the "changepw" form.
 *
 * Reads $_POST['password'] (current), $_POST['password1'] and
 * $_POST['password2'] (new, twice). Each failed check is reported via
 * makeNotice(); in demo mode ($IS_DEMO) the database is left untouched.
 * Uses the globals $DB and $MySelf.
 *
 * @return void
 */
function changePassword()
{
    global $DB;
    global $MySelf;
    // sanitizing.
    $username = sanitize($MySelf->getUsername());
    // Are we allowed to change our password?
    if (!$MySelf->canChangePwd()) {
        makeNotice("You are not allowed to change your password. Ask your CEO to re-enable this feature for your account.", "error", "Forbidden");
    }
    // Passwords the very same? (loose comparison of the two new-password fields)
    if ("{$_POST['password1']}" != "{$_POST['password2']}") {
        makeNotice("Your entered passwords do not match, please head back, and try again!", "error", "Password not changed", "index.php?action=changepw", "[retry]");
    }
    // Passwords empty?
    // NOTE(review): `$_POST[password1]` with an unquoted key is an undefined
    // constant (fatal since PHP 8); the other reads here quote the key.
    if (empty($_POST[password1]) || empty($_POST[password2])) {
        makeNotice("You need to enter passwords in both fields!!", "error", "Password missing!", "index.php?action=changepw", "[retry]");
    }
    /*
     * At this point we know that the user who submited the
     * password change form is both legit and the form was not tampered
     * with. Proceed with the password-change.
     */
    // Derive the stored form of the new password and of the supplied current
    // password; the latter is presumably matched in the UPDATE's WHERE clause.
    $password = encryptPassword("{$_POST['password1']}");
    $oldpasswd = encryptPassword("{$_POST['password']}");
    // Update the Database.
    global $IS_DEMO;
    if (!$IS_DEMO) {
        // NOTE: the statement's values are masked in this listing ('******'),
        // so which of $username / $password / $oldpasswd it interpolates — and
        // whether they are escaped for SQL — cannot be read here.
        $DB->query("update users set password = '******' where username = '******' and password ='******'");
        // Exactly one row changed means the WHERE clause matched; a wrong
        // current password presumably ends up in the "Database error" branch.
        if ($DB->affectedRows() == 1) {
            makeNotice("Your password has been changed.", "notice", "Password change confirmed");
        } else {
            makeNotice("Your password could not have been changed! Database error!", "error", "Password change failed");
        }
    } else {
        makeNotice("Your password would have been changed. (Operation canceled due to demo site restrictions.)", "notice", "Password change confirmed");
    }
}
Ejemplo n.º 10
/**
 * Replace a user's password after checking the current one.
 *
 * Both statements are prepared with bound parameters; the id is bound as a
 * string (PDO::PARAM_STR), as in the original.
 *
 * @param string $idUser
 * @param string $pass_given current password, as typed
 * @param string $new_pass   replacement password
 * @return bool false when the new password equals the current one, the user
 *              row is missing, or decryptPassword() rejects the current
 *              password; true once the UPDATE has been executed (its result
 *              is not inspected)
 */
function editPassword($idUser, $pass_given, $new_pass)
{
    // A "change" to the same value is refused up front.
    if ($pass_given === $new_pass) {
        return false;
    }
    global $db;

    $lookup = $db->prepare('SELECT password FROM User WHERE idUser = :idUser');
    $lookup->bindParam(':idUser', $idUser, PDO::PARAM_STR);
    $lookup->execute();
    $rows = $lookup->fetchAll();
    if (count($rows) === 0) {
        return false;
    }
    // decryptPassword() presumably verifies the typed password against the stored value.
    if (!decryptPassword($pass_given, $rows[0]['password'])) {
        return false;
    }

    $stored = encryptPassword($new_pass, 20);
    $update = $db->prepare('UPDATE User SET password = :new_pass WHERE idUser = :idUser');
    $update->bindParam(':new_pass', $stored, PDO::PARAM_STR);
    $update->bindParam(':idUser', $idUser, PDO::PARAM_STR);
    $update->execute();
    return true;
}
Ejemplo n.º 11
/**
 * Login.
 *
 * Looks up the salt stored for the e-mail address in tbl_users (generating
 * one with generateSalt() when the column is empty), derives the salted
 * password with encryptPassword() and then selects the user row whose
 * Password matches.
 *
 * NOTE(review): the SQL is built by concatenation around convertForInsert();
 * whether that helper quotes and escapes the value cannot be confirmed here.
 * The tail of the function is masked in this listing ('******'), so the
 * second query and the loop it feeds are only partly visible; the visible
 * success path returns json_encode() output, i.e. a string, not the
 * bool|object documented below.
 *
 * @param string $username e-mail address used as the login name
 * @param string $userpass password as typed
 * @return bool|object false for empty input; see the note above for the masked remainder
 */
function login($username, $userpass)
{
    if ($username == "" || $userpass == "") {
        return false;
    }
    $salt = "";
    $sql = "SELECT Salt, UserID FROM tbl_users WHERE Email = " . convertForInsert($username);
    $mysqli = new mysqli(Database::dbserver, Database::dbuser, Database::dbpass, Database::dbname);
    $rs = $mysqli->query($sql);
    // No guard on $rs: it is false when the query fails, and $userid stays
    // undefined (and $salt empty) when no row matches.
    while ($row = $rs->fetch_assoc()) {
        $userid = $row['UserID'];
        $salt = $row['Salt'] == "" ? generateSalt($userid) : $row['Salt'];
    }
    $salted = encryptPassword($userpass, $salt);
    $rs->free();
    $mysqli->close();
    // Second query (masked in this listing): matches Email and Password; the
    // surviving fragment shows the success payload with a generateToken() value.
    $sql = "SELECT UserID, FirstName FROM tbl_users WHERE Email = " . convertForInsert($username) . " AND Password = "******"success" => true, "usertoken" => generateToken($row['UserID']), "userfirstname" => $row['FirstName']);
            return json_encode($data);
        }
        //return true;
    }
}
Ejemplo n.º 12
/**
 * Apply the "edit user" form to the account given by $_POST['id'].
 *
 * Handles, in order: demo-mode short-circuit, the caller's manage-user
 * right, id validation, the admin-edits-admin rule, deletion, activation,
 * confirmation, forced email validity, email / password / username changes
 * (skipped in demo mode) and — for callers who may edit ranks — rank, opt-in
 * and the per-permission flags. Each failure is reported via makeNotice().
 * Uses the globals $DB, $MySelf and $IS_DEMO.
 *
 * NOTE(review): several array reads use unquoted keys ($_POST[id],
 * $user[isAdmin], $_POST[delete], $_POST[email], ...); each is an undefined
 * constant, which is a fatal error since PHP 8. Three UPDATE statements are
 * masked in this listing ('******'), so their interpolated values cannot be
 * read here.
 *
 * @return void
 */
function editUser()
{
    // We need global variables and object.
    global $DB;
    global $MySelf;
    global $IS_DEMO;
    // Demo site: account 1 is never modified. (The notice title is a copy of
    // the password-change one.)
    if ($IS_DEMO && $_POST[id] == "1") {
        makeNotice("The user would have been changed. (Operation canceled due to demo site restrictions.)", "notice", "Password change confirmed");
    }
    // Are we allowed to Manage Users?
    if (!$MySelf->canManageUser()) {
        makeNotice("You are not allowed to edit Users!", "error", "forbidden");
    }
    // Sanitize the ID
    $ID = sanitize($_POST[id]);
    $SELF = $MySelf->getID();
    // $ID is interpolated into every query below; this numeric check is what
    // keeps it from carrying SQL, and it relies on makeNotice() not returning.
    if (!is_numeric($ID)) {
        // Yikes! Non-Number!
        makeNotice("Variable is not numeric! (in editUser)", "error");
    }
    // Load the dataset.
    $userDS = $DB->query("SELECT * FROM users WHERE id='{$ID}' LIMIT 1");
    $user = $userDS->fetchRow();
    // Non-admin tries to edit an admin, err no.
    if ($user[isAdmin] && !$MySelf->isAdmin()) {
        makeNotice("Only an Administrator may edit another Administrator. You do have the rights to edit users, but you are not allowed to modify an Administrators account.", "warning", "Insufficient rights!", "index.php?action=edituser&id={$ID}", "Cancel");
    }
    // Do we want to delete the user?
    if ($_POST[delete] == "true") {
        if ($ID == $SELF) {
            makeNotice("You can not delete yourself! Why would you do such a thing? " . "Life is not that bad, c'mon...'", "warning", "Operation canceled", "index.php?action=edituser&id={$ID}", "get yourself together, man");
        }
        // Are we allowed to delete users?
        if (!$MySelf->canDeleteUser()) {
            makeNotice("You are not authorized to do that!", "error", "Forbidden");
        }
        // Get confirmation
        confirm("You are about to delete " . ucfirst(idToUsername($ID)) . ". Are you sure?");
        // Soft delete: the row is flagged, not removed.
        $DB->query("UPDATE users SET deleted='1' WHERE id='{$ID}' LIMIT 1");
        if ($DB->affectedRows() == 1) {
            makeNotice("The Account has been deleted.", "notice", "Account deleted", "index.php?action=editusers", "Back to editing Users");
        } else {
            makeNotice("Error deleting the user!", "error");
        }
    }
    // Activate the account, or disable it. The checkbox arrives as "on" when
    // ticked; an unticked box deactivates — except for one's own account.
    if ("{$_POST['canLogin']}" == "on") {
        $DB->query("UPDATE users SET active='1' WHERE id ='{$ID}' LIMIT 1");
    } else {
        if ($ID == $SELF) {
            makeNotice("You can not deactivate yourself!", "error", "Err..", "index.php?action=edituser&id={$ID}", "Back to yourself ;)");
        } else {
            $DB->query("UPDATE users SET active='0' WHERE id ='{$ID}'");
        }
    }
    // Confirm the account. lostPassword() mails the user; $ADD is only
    // defined on this branch but interpolated into the final notice either way.
    if ("{$_POST['confirm']}" == "true") {
        $DB->query("UPDATE users SET confirmed='1' WHERE id ='{$ID}' LIMIT 1");
        lostPassword($user[username]);
        $ADD = " Due to confirmation I have sent an email to the user with his password.";
    }
    // Force the users email to be valid.
    if ("{$_POST['SetEmailValid']}" == "true") {
        $DB->query("UPDATE users SET emailvalid='1' WHERE id ='{$ID}' LIMIT 1");
    }
    // (already declared at the top of the function)
    global $IS_DEMO;
    if (!$IS_DEMO) {
        // Set the new email.
        // NOTE(review): $email goes into the SQL text after sanitize(); whether
        // that helper escapes for SQL cannot be told from here.
        if (!empty($_POST[email])) {
            $email = sanitize("{$_POST['email']}");
            $DB->query("UPDATE users SET email='{$email}' WHERE id ='{$ID}'");
        }
        // Set the new Password. (Statement value masked in this listing.)
        if (!empty($_POST[password])) {
            $password = encryptPassword(sanitize("{$_POST['password']}"));
            $DB->query("UPDATE users SET password='******' WHERE id ='{$ID}'");
        }
        // Change (shudder) the username. Needs the username_check flag plus a
        // non-empty name; admins with manage rights only.
        if ($_POST[username_check] == "true" && $_POST[username] != "") {
            if ($MySelf->isAdmin() && $MySelf->canManageUser()) {
                // Permissions OK.
                $new_username = sanitize($_POST[username]);
                // Check for previously assigned username (query value masked in this listing).
                $count = $DB->getCol("SELECT COUNT(username) FROM users WHERE username='******'");
                if ($count[0] > 0) {
                    // Username exists already.
                    makeNotice("The new username \"{$new_username}\" already exists. Unable to complete operation.", "error", "Username exists!");
                } else {
                    // Username free. Update DB. (Statement value masked in this listing.)
                    $DB->query("UPDATE users SET username='******' WHERE ID='" . $ID . "' LIMIT 1");
                    // Check for failure, not success.
                    if ($DB->affectedRows() != 1) {
                        // Something is wrong :(
                        makeNotice("DB Error: Internal Error: Unable to update the username.", "error", "Internal Error");
                    }
                }
            } else {
                // Insufficient permissions
                makeNotice("Inusfficient rights to change username.", "error", "Insufficient Rights");
            }
        }
    }
    // Are we allowed to edit ranks?
    if ($MySelf->canEditRank()) {
        // Set the new Rank: must be numeric and non-negative.
        if (is_numeric($_POST[rank]) && $_POST[rank] >= 0) {
            $rank = sanitize("{$_POST['rank']}");
            $DB->query("UPDATE users SET rank='{$rank}' WHERE id ='{$ID}'");
        }
        // toggle the opt-in setting.
        // Its a checkbox. So we have to endure the pain.
        if ($_POST[optIn]) {
            $state = 1;
        } else {
            $state = 0;
        }
        $DB->query("UPDATE users SET optIn='{$state}' WHERE id='{$ID}' LIMIT 1");
        // Do the permissions. Column names come from this fixed list, never
        // from the request; only the "1"/"0" value reflects the checkbox.
        $permissions = array("canLogin", "canJoinRun", "canCreateRun", "canCloseRun", "canDeleteRun", "canAddHaul", "canChangePwd", "canChangeEmail", "canChangeOre", "canAddUser", "canSeeUsers", "canDeleteUser", "canEditRank", "canManageUser", "canSeeEvents", "canEditEvents", "canDeleteEvents", "isLottoOfficial", "canPlayLotto", "isOfficial", "isAdmin", "isAccountant");
        // Loop through each of the resources.
        foreach ($permissions as $perm) {
            // Convert the html "on" to "1" and "0", respectively
            if ($_POST[$perm] == "on") {
                $state = "1";
            } else {
                $state = "0";
            }
            // Update the database.
            $DB->query("UPDATE users SET {$perm}='{$state}' WHERE id ='{$ID}'");
        }
    }
    makeNotice("User data has been updated. {$ADD}", "notice", "User updated", "index.php?action=edituser&id={$ID}", "[OK]");
}
Ejemplo n.º 13
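/**
 * Check a user's credentials and, on success, bind the user to the session.
 *
 * @param object $session session object (by reference, as the callers pass it)
 * @param string $user    login name
 * @param string $code    password as typed; run through encryptPassword()
 *                        before it is compared with the stored value
 * @return string '' on success (also when no password is stored for the
 *                user), otherwise a German message: user unknown, wrong
 *                password or user locked
 */
function dbCheckUser(&$session, $user, $code)
{
    global $session_user;
    $session->trace(TC_Db1, 'dbCheckUser');
    $fields = null;
    $uid = dbUserId($session, $user);
    if (!$uid) {
        $rc = 1;
    } else {
        // NOTE(review): $user is spliced into the SQL text as-is. dbSingleRecord()
        // takes a finished statement, so no parameter binding is available here;
        // unless dbUserId() or the caller already constrained the value, it must
        // be escaped/validated before this point.
        $fields = dbSingleRecord($session, 'select id,code,rights,locked,theme,width,height,maxhits,postingsperpage,' . 'threadsperpage,startpage from ' . dbTable($session, "user") . ' where name="' . $user . '";');
        if ($fields == null) {
            $rc = 1;
        } elseif ($fields[1] == '') {
            // No password stored: accepted without a check (original behaviour).
            $rc = 0;
        } else {
            $code = encryptPassword($session, $user, $code);
            // Fix: the original `true || strcmp(...) == 0 ? 0 : 2` parses as
            // `(true || ...) ? 0 : 2`, i.e. always 0, so every password was
            // accepted. Compare the encrypted values in constant time instead.
            $rc = hash_equals((string) $fields[1], (string) $code) ? 0 : 2;
        }
    }
    // NOTE(review): $fields[3] ('locked') is fetched but never inspected, so
    // the "Benutzer gesperrt!" branch is unreachable — confirm whether locking
    // is enforced elsewhere.
    switch ($rc) {
        case 1:
            $rc = "Nicht definiert: {$user}";
            break;
        case 2:
            $rc = "Passwort nicht korrekt!";
            break;
        case 3:
            $rc = "Benutzer gesperrt!";
            break;
        default:
            // Success: publish the user id and hand the row's settings to the session.
            $rc = '';
            $session_user = $fields[0];
            $session->setUserData($session_user, $user, $fields[2], $fields[4], $fields[5], $fields[6], $fields[7], $fields[8], $fields[9], $fields[10]);
            $session->setMacros();
            break;
    }
    return $rc;
}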
Ejemplo n.º 14
    $response = select_from_table('person', 'idPerson', $params);
    //echo $response;
    $response = json_decode($response, true);
    if (!empty($response)) {
        $id = $response[0]['idPerson'];
    }
}
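//If ID is not set, then exit with message
if (!isset($id)) {
    echo "E-Mail {$email} does not exist";
    // Fix: the original printed the message but kept going, so a password
    // was generated and stored against an undefined $id.
    exit;
}
//Create a random password
// NOTE(review): generateRandomString('5') yields a five-character password;
// how it is generated (and whether the source is cryptographically random)
// is not visible here.
$password = generateRandomString('5');
// NOTE(review): the new password is written to the response body as well as
// being hashed below — confirm this output is intended and not a debug leftover.
echo $password;
//Hash the password provided
$hash = encryptPassword($password);
//Save new password for user
//If already exists, then update password and if not insert record
$params = add_where('idPerson', $id, array());
$response = select_from_table('password', 'idPerson', $params);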
if (empty(json_decode($response, true))) {
    //Insert
    $record = array();
    $records = array();
    $record = add_field('idPerson', $id, $record);
    $record = add_field('password', $hash, $record);
    $record = add_field('misses', "0", $record);
    $record = add_field('locked', "0", $record);
Ejemplo n.º 15
     $sContents = str_replace("#xmlUrl#", $sRayXmlUrl, $sContents);
     $sContents = str_replace("#desktopUrl#", $sModulesUrl . $sModule . "/", $sContents);
     break;
 case 'userAuthorize':
     $sResult = loginUser($sId, $sPassword);
     $sContents = parseXml($aXmlTemplates['result'], $sResult == TRUE_VAL ? TRUE_VAL : "msgUserAuthenticationFailure");
     if ($sResult == TRUE_VAL) {
         $sContents .= parseXml($aXmlTemplates['status'], getUserStatus($sId));
         $sContents .= getAvailableStatuses();
         saveUsers(array('online' => array(), 'offline' => array()));
     }
     break;
 case 'login':
     $sContents = parseXml($aXmlTemplates['result'], "msgUserAuthenticationFailure", FAILED_VAL);
     $sId = getIdByNick($sNick);
     $sPassword = encryptPassword($sId, $sPassword);
     if (loginUser($sNick, $sPassword, true) == TRUE_VAL) {
         $aUserInfo = getUserInfo($sId);
         login($sId, $sPassword);
         $sContents = parseXml($aXmlTemplates['result'], $sId, SUCCESS_VAL, $sPassword);
     }
     break;
 case 'logout':
     logout($sId);
     $sContents = parseXml($aXmlTemplates['result'], "", SUCCESS_VAL);
     break;
 case "getUsers":
     $bInit = true;
 case "updateUsers":
     if (!isset($bInit)) {
         $bInit = false;
Ejemplo n.º 16
function render($renderType, $args = array())
{
    global $_TABLES, $self, $configs, $LANG_CHARSET, $LANG_DIRECTION, $lang;
    header('Content-Type: text/html; charset=' . $LANG_CHARSET);
    ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html dir="<?php 
    echo isset($LANG_DIRECTION) ? $LANG_DIRECTION : 'ltr';
    ?>
">
    <head>
        <title><?php 
    e(1);
    ?>
</title>
        <?php 
    printHtmlStyle();
    ?>
        <?php 
    printJs();
    ?>
    </head>
    <body>
        <div class="main center">
        <div class="header-navigation-container">
            <div class="header-navigation-line">
                <a href="index.php" class="header-navigation"><?php 
    e(2);
    ?>
</a>&nbsp;&nbsp;&nbsp;<?php 
    echo langSelector();
    ?>
&nbsp;&nbsp;
            </div>
        </div>
        <h1><?php 
    e(3);
    ?>
</h1>
        <div class="box important">
            <p><?php 
    e(4);
    ?>
</p>
        </div>
        <?php 
    if (!empty($args['statusMessage'])) {
        ?>
        <div class="box <?php 
        echo trim($args['result']);
        ?>
">
            <strong><?php 
        e(5);
        ?>
:</strong>
            <?php 
        echo $args['statusMessage'];
        ?>
        </div>
        <?php 
    }
    ?>
        <?php 
    if ($renderType == 'passwordForm') {
        ?>
        <h2><?php 
        e(6);
        ?>
</h2>
        <div class="password_form">
            <div class="box">
                <span class="message"><?php 
        e(7);
        ?>
</span>
                <form id="loginForm" method="post">
                    <?php 
        e(8);
        ?>
:<input type="password" name="gl_password" />
                    <script type="text/javascript">
                        document.getElementById('loginForm')['gl_password'].focus();
                    </script>
                    <input type="submit" value="<?php 
        e(9);
        ?>
" onclick="this.disabled=true;this.form.submit();" />
                    <input type="hidden" name="lang" value="<?php 
        echo $lang;
        ?>
" />
                </form>
                <?php 
        if (!empty($args['incorrectPassword'])) {
            ?>
                <div class="error">
                    <?php 
            e(10);
            ?>
                </div>
                <?php 
        }
        ?>
            </div>
        </div>
        <?php 
    } elseif ($renderType == 'handleRequest') {
        $sql = sprintf("%s %s SET %s = '%s' WHERE %s = '%s'", $args['operation'], $_TABLES[$args['table']], $args['field'], trim($_POST['value']), $args['where'], trim($_POST['target']));
        $enable = trim($_POST['value']) ? s(11) : s(12);
        $success = DB_query($sql) ? s(13) : s(14);
        $url = $self . '?view=options&amp;args=result:' . urlencode($success) . '|statusMessage:' . urlencode($success . $enable . trim($_POST['target'])) . '&amp;lang=' . urlencode($lang);
        echo "<html><head><meta http-equiv=\"refresh\" content=\"0; URL={$url}\"></head></html>" . LB;
        ?>
        <?php 
    } elseif ($renderType == 'updateConfigs') {
        foreach ($configs as $config) {
            $sql = sprintf("UPDATE %s SET value = '%s' WHERE name = '%s'", $_TABLES['conf_values'], serialize($_POST[$config]), $config);
            if (DB_query($sql)) {
                continue;
            } else {
                $url = $self . '?view=options&amp;args=result:error|statusMessage:' . urlencode(s(15)) . '&amp;lang=' . urlencode($lang);
                echo "<html><head><meta http-equiv=\"refresh\" content=\"0; URL={$url}\"></head></html>" . 'LB';
                exit;
            }
        }
        $url = $self . '?view=options&amp;args=result:success|statusMessage:' . urlencode(s(16)) . '&amp;lang=' . urlencode($lang);
        echo "<html><head><meta http-equiv=\"refresh\" content=\"0; URL={$url}\"></head></html>" . 'LB';
        ?>
        <?php 
    } elseif ($renderType == 'updateEmail') {
        $passwd = rand();
        $passwd = md5($passwd);
        $passwd = substr($passwd, 1, 8);
        $username = DB_getItem($_TABLES['users'], 'username', "uid = '2'");
        $sql = sprintf("UPDATE %s SET passwd = '%s' WHERE username = '******'", $_TABLES['users'], encryptPassword($passwd), $username);
        if (!DB_query($sql)) {
            $url = $self . '?view=options&amp;args=result:error|statusMessage:' . urlencode(s(17)) . '&amp;lang=' . urlencode($lang);
            echo "<html><head><meta http-equiv=\"refresh\" content=\"0; URL={$url}\"></head></html>" . LB;
            exit;
        }
        $email = DB_getItem($_TABLES['users'], 'email', "uid = '2'");
        $site_url = unserialize(DB_getItem($_TABLES['conf_values'], 'value', "name = 'site_url'"));
        $to = $email;
        $subject = s(18);
        $message = sprintf('
            <html>
            <head>
              <title>' . s(19) . '</title>
            </head>
            <body>
              <p>' . s(20) . '</p>
              <p>' . s(21) . '</p>
            </body>
            </html>
            ', $passwd, $username, $site_url);
        $headers = 'MIME-Version: 1.0' . CRLB;
        $headers .= 'Content-type: text/html; charset=' . $LANG_CHARSET . CRLB;
        $headers .= 'X-Mailer: PHP/' . phpversion();
        if (mail($to, $subject, $message, $headers)) {
            $url = $self . '?view=options&amp;args=result:success|statusMessage:' . urlencode(s(22)) . '&amp;lang=' . urlencode($lang);
            echo "<html><head><meta http-equiv=\"refresh\" content=\"0; URL={$url}\"></head></html>\n";
            exit;
        } else {
            $url = $self . '?view=options&amp;args=result:error|statusMessage:' . urlencode(s(23) . $subject) . '&amp;lang=' . urlencode($lang);
            echo "<html><head><meta http-equiv=\"refresh\" content=\"0; URL={$url}\"></head></html>\n";
            exit;
        }
        ?>
        <?php 
    } elseif ($renderType == 'phpinfo') {
        ?>
        <h2><?php 
        e(24);
        ?>
</h2>
        <ul><li><a href="javascript:self.location.href='<?php 
        echo $self . '?lang=' . urlencode($lang);
        ?>
';"> <?php 
        e(25);
        ?>
</a></li></ul>
        <div class="info">
            <?php 
        phpinfo();
        ?>
        </div>
        <ul><li><a href="javascript:self.location.href='<?php 
        echo $self . '?lang=' . urlencode($lang);
        ?>
';"> <?php 
        e(25);
        ?>
</a></li></ul>
        <?php 
    } elseif ($renderType == 'options') {
        ?>
        <h2><?php 
        e(26);
        ?>
</h2>
        <div class="info">
            <ul>
                <li><?php 
        e(27);
        ?>
: <?php 
        echo phpversion();
        ?>
 <a href="<?php 
        echo $self;
        ?>
?view=phpinfo<?php 
        echo '&amp;lang=' . urlencode($lang);
        ?>
"> <small>phpinfo</small></a></li>
                <li><?php 
        e(28);
        ?>
 <?php 
        echo VERSION;
        ?>
</li>
            </ul>
        </div>
        <h2><?php 
        e(29);
        ?>
</h2>
        <p style="margin-left:5px;"><?php 
        e(30);
        ?>
</p>
        <ul class="option">
            <li><a href="javascript:toggle('plugins')"><?php 
        e(31);
        ?>
</a></li>
            <li><a href="javascript:toggle('blocks')"><?php 
        e(32);
        ?>
</a></li>
            <li><a href="javascript:toggle('conf')"><?php 
        e(33);
        ?>
</a></li>
            <li><a href="javascript:toggle('pass')"><?php 
        e(34);
        ?>
</a></li>
        </ul>
        <div id="plugins" name="options" class="box option" style="display: none;">
            <h3><?php 
        e(35);
        ?>
</h3>
            <form id="plugin-operator" method="post">
                <select name="target" onchange="toggleRadio(this.options[this.selectedIndex].getAttribute('class') == 'disabled', this.form.elements['value']);">
                    <option selected="selected" value=""><?php 
        e(36);
        ?>
</option>
                    <?php 
        $result = DB_query("SELECT * FROM {$_TABLES['plugins']}");
        while ($A = DB_fetchArray($result)) {
            $class = $A['pi_enabled'] == 0 ? 'class="disabled"' : '';
            echo '<option ' . $class . ' value="' . $A['pi_name'] . '">' . $A['pi_name'] . '</option>' . "\n";
        }
        ?>
                </select>
                <input type="radio" name="value" id="enable_plugin" value="1" /><label for="enable_plugin"><?php 
        e(37);
        ?>
</label>
                <input type="radio" name="value" id="disable_plugin" value="0" checked="checked" /><label for="disable_plugin"><?php 
        e(38);
        ?>
</label><br />
                <input type="hidden" name="view" value="handleRequest" />
                <input type="hidden" name="args" value="operation:UPDATE|table:plugins|field:pi_enabled|where:pi_name" />
                <input type="submit" value="<?php 
        e(41);
        ?>
" onclick="this.disabled=true;this.form.submit();" />
            </form>
            <p>&nbsp;</p>
        </div>
        <div id="blocks" name="options" class="box option" style="display: none;">
            <h3><?php 
        e(39);
        ?>
</h3>
            <form id="block-operator" method="post">
                <select name="target" onchange="toggleRadio(this.options[this.selectedIndex].getAttribute('class') == 'disabled', this.form.elements['value']);">
                    <option selected="selected" value=""><?php 
        e(40);
        ?>
</option>
                    <?php 
        $result = DB_query("SELECT * FROM {$_TABLES['blocks']}");
        while ($A = DB_fetchArray($result)) {
            $class = $A['is_enabled'] == 0 ? 'class="disabled"' : '';
            echo '<option ' . $class . ' value="' . $A['name'] . '">' . $A['title'] . '</option>' . "\n";
        }
        ?>
                </select>
                <input type="radio" name="value" id="enable_block" value="1" /><label for="enable_block"><?php 
        e(37);
        ?>
</label>
                <input type="radio" name="value" id="disable_block" value="0" checked="checked" /><label for="disable_block"><?php 
        e(38);
        ?>
</label><br />
                <input type="hidden" name="table" value="blocks" />
                <input type="hidden" name="view" value="handleRequest" />
                <input type="hidden" name="args" value="operation:UPDATE|table:blocks|field:is_enabled|where:name" />
                <input type="submit" value="<?php 
        e(41);
        ?>
" onclick="this.disabled=true;this.form.submit();" />
            </form>
            <p>&nbsp;</p>
        </div>
        <div id="conf" name="options" class="box option" style="display: none;">
            <h3><?php 
        e(42);
        ?>
</h3>
            <form id="config-operator" method="post" action="<?php 
        echo $self . '?view=updateConfigs' . '&amp;lang=' . urlencode($lang);
        ?>
" />
                <?php 
        foreach ($configs as $config) {
            $sql = "SELECT value FROM {$_TABLES['conf_values']} WHERE name ='{$config}' LIMIT 1";
            $res = DB_query($sql);
            $row = DB_fetchArray($res);
            ?>
                        <fieldset><legend><?php 
            echo $config;
            ?>
:</legend><input type="text" size="80" id="<?php 
            echo $config;
            ?>
" name="<?php 
            echo $config;
            ?>
" value="<?php 
            echo unserialize($row['value']);
            ?>
" /></fieldset>
                <?php 
        }
        ?>
                <input type="submit" value="<?php 
        e(41);
        ?>
" onclick="this.disabled=true;this.form.submit();" />
            </form>
            <p>&nbsp;</p>
        </div>
        <div id="pass" name="options" class="box option" style="display: none;">
            <h3><?php 
        e(43);
        ?>
</h3>
            <form id="config-operator" method="post" action="<?php 
        echo $self . '?view=updateEmail' . '&amp;lang=' . urlencode($lang);
        ?>
" />
                <input type="submit" value="<?php 
        e(44);
        ?>
" onclick="this.disabled=true;this.form.submit();" />
            </form>
            <p>&nbsp;</p>
        </div>
        <?php 
    }
    ?>
        <div class="box important">
            <p><?php 
    e(4);
    ?>
</p>
        </div>
        </div>
    </body>
    </html>
<?php 
}
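function requestAccount()
{
    // Handles the public "request an account" form.
    //
    // Reads the desired username and e-mail address from $_POST, generates a
    // random temporary password and then either
    //   (a) creates the very first account as a fully privileged superuser
    //       (users table empty) and mails the clear-text password, or
    //   (b) inserts an unconfirmed account with a random activation code and
    //       mails an activation link built from the "accountrequest" template.
    // Every validation failure is reported through makeNotice(); as in the
    // original, the code after each call relies on makeNotice() not returning.
    //
    // Requires PHP >= 7.0 on a 64-bit build (random_bytes / random_int with
    // the original numeric range of the activation code).
    // globals
    global $DB;
    global $MySelf;
    global $TIMEMARK;
    global $MB_EMAIL;
    // Generate a random temporary password from the CSPRNG (16 hex chars).
    // The previous rand()-based value was predictable; only the hash is
    // stored, the clear-text value is mailed to the user below.
    $PASSWORD = bin2hex(random_bytes(8));
    $PASSWORD_ENC = encryptPassword($PASSWORD);
    // Sanitize the input. Quoted keys: the original used bare constants
    // ($_POST[username]), which is a fatal error on PHP 8.
    $POST_USERNAME = isset($_POST['username']) ? $_POST['username'] : '';
    $NEW_USER = strtolower(sanitize($POST_USERNAME));
    // supplied new username.
    // Lets prevent adding multiple users with the same name.
    if (userExists($NEW_USER)) {
        makeNotice("Your account was not created because there is already an account with the same username. Please pick another. " . "If you forgot your password, please use the password recovery link on the login page.", "error", "Account not created");
    }
    // So we have a username?
    if (strlen($POST_USERNAME) < 3) {
        makeNotice("Your username must be longer than 3 letters.", "error", "Invalid Username");
    }
    // Let me rephrase: Do we have a VALID username?
    if (!ctypeAlnum($POST_USERNAME)) {
        makeNotice("Only characters a-z, A-Z, 0-9 and spaces are allowed as username.", "error", "Invalid Username");
    }
    // So we have an email address?
    if (empty($_POST['email'])) {
        // We dont!
        makeNotice("You need to supply an email address!", "error", "Account not created");
    } else {
        // We do. Clean it.
        $NEW_EMAIL = sanitize($_POST['email']);
        // Valid one, too?
        if (!checkEmailAddress($NEW_EMAIL)) {
            makeNotice("You need to supply a valid email address!", "error", "Account not created");
        }
    }
    // Is it the very first account?
    $count = $DB->query("SELECT * FROM users");
    if ($count->numRows() == 0) {
        // First account: created with every permission flag set to 1.
        $temp = $DB->query("INSERT INTO `users` (`username`, `password`, `email`, `addedby`," . " `lastlogin`, `confirmed`, `emailvalid`, `emailcode`, `optIn`, `canLogin`," . " `canJoinRun`, `canCreateRun`, `canCloseRun`, `canDeleteRun`, `canAddHaul`," . " `canChangePwd`, `canChangeEmail`, `canChangeOre`, `canAddUser`, `canSeeUsers`," . " `canDeleteUser`, `canEditRank`, `canManageUser`, `canEditEvents`, `canDeleteEvents`," . " `canSeeEvents`, `isOfficial`, `isLottoOfficial`, `isAccountant`, `preferences`, `isAdmin`, `rank`) " . "VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)", array(stripcslashes($NEW_USER), $PASSWORD_ENC, $NEW_EMAIL, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1));
        // Check for success, catch database errors. The original compared
        // gettype($temp) with "DB_Error", which can never match (gettype()
        // returns "object" for objects); instanceof is the intended test.
        if (!($temp instanceof DB_Error) && $DB->affectedRows() == 1) {
            // Success! New superuser created, send a confirmation email.
            $email = "Superuser information: Username " . stripcslashes($NEW_USER) . ", Password {$PASSWORD} - change this as soon as possible!";
            global $VERSION;
            $headers = "From:" . $MB_EMAIL;
            mail("{$NEW_EMAIL}", "Superuser login information (" . $VERSION . ")", $email, $headers);
            unset($email);
            // Inform the user. (The middle of this literal was redacted to
            // "******" in the listing; the username part is reconstructed
            // from the mail body above.)
            makeNotice("New Superuser created:<br>Username: " . stripcslashes($NEW_USER) . "<br>Password: {$PASSWORD}");
        } else {
            // Something went wrong! Only a DB_Error carries a message.
            $reason = ($temp instanceof DB_Error) ? $temp->getMessage() : '';
            makeNotice("Failed creating the superuser!<br><br>" . $reason, "error", "Database Error!");
        }
    } else {
        // Lets avoid multiple accounts per email address! Parameterized: the
        // original interpolated $NEW_EMAIL straight into the statement.
        $otherAccsDS = $DB->query("SELECT COUNT(email) AS count FROM users WHERE email = ?", array($NEW_EMAIL));
        $otherAccs = $otherAccsDS->fetchRow();
        if ($otherAccs['count'] > 0) {
            makeNotice("There is already an account with your supplied eMail address. If you lost " . "your password please  use the password recovery feature.", "error", "Account not requested", "index.php", "[cancel]");
        }
        // Insert the new user into the database. The activation code is a
        // bearer token for the account, so it must come from the CSPRNG; the
        // numeric range of the original is kept for the emailcode column.
        $CODE = random_int(111111111111, 9999999999999);
        $DB->query("insert into users (username, password, email, " . "addedby, emailcode) " . "values (?, ?, ?, ?, ?)", array(stripcslashes($NEW_USER), "{$PASSWORD_ENC}", "{$NEW_EMAIL}", $MySelf->getID(), "{$CODE}"));
        // Were we successful?
        if ($DB->affectedRows() == 0) {
            // No!
            makeNotice("Could not create user!", "error");
        } else {
            // Load more globals
            global $SITENAME;
            global $URL;
            global $VERSION;
            // Assemble the activation url.
            $ACTIVATE = $URL . "/index.php?action=activate&code={$CODE}";
            // Send a confirmation email: fill the template placeholders in one pass.
            $EMAIL = str_replace(
                array("{{IP}}", "{{URL}}", "{{DATE}}", "{{ACTIVATE}}", "{{CORP}}"),
                array($_SERVER['REMOTE_ADDR'], $URL, date("r", $TIMEMARK), $ACTIVATE, $SITENAME),
                getTemplate("accountrequest", "email")
            );
            $to = $NEW_EMAIL;
            $headers = "From:" . $MB_EMAIL;
            mail($to, $VERSION, $EMAIL, $headers);
            makeNotice("A confirmation email has been sent to your supplied email address.<br>Please follow the instructions therein.", "notice", "Account created");
        }
    }
}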
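function baseAccountAnswer(&$session, $user)
{
    // Processes the submitted account form and re-renders it via baseAccount()
    // with a (German) status message.
    //
    // The $account_* globals are the form fields (register_globals style) and
    // therefore untrusted input: strings that reach SQL go through
    // dbSqlString(), numeric fields are cast to int. Three actions exist:
    //   $account_new    - create user $account_user2,
    //   $account_change - update settings/password of $account_user,
    //   $account_other  - only validate that $account_user2 exists.
    // NOTE(review): $account_rights is stored as submitted, so the caller
    // must make sure only administrators can reach this action.
    global $account_user, $account_code, $account_code2, $account_email, $account_rights, $account_locked, $account_new, $account_change, $account_name, $account_other, $account_user2, $account_theme, $account_width, $account_height, $account_maxhits, $account_startpage, $account_startpageoffer;
    $session->trace(TC_Gui1, 'baseAccountAnswer');
    $message = '';
    // NOTE(review): the password hash is derived from $account_user even when
    // a new user named $account_user2 is created below; dbCheckUser() hashes
    // with the login name, so confirm new accounts can actually log in.
    $code = encryptPassword($session, $account_user, $account_code);
    $locked = dbSqlString($session, !empty($account_locked));
    // A start page picked from the offered list wins over the free-text field.
    if (!empty($account_startpageoffer)) {
        $account_startpage = $account_startpageoffer;
    }
    if (isset($account_new)) {
        if ($account_user2 == '') {
            $message = '+++ Kein Benutzername angegeben';
        } elseif (dbGetValueByClause($session, T_User, 'count(*)', 'name=' . dbSqlString($session, $account_user2)) > 0) {
            // Fixed: the original built these two strings with '+' (numeric
            // addition, a TypeError on PHP 8) and checked $account_user
            // instead of the name being created.
            $message = '+++ Name schon vorhanden: ' . $account_user2;
        } else {
            $uid = dbUserAdd($session, $account_user2, $code, $session->fUserRights, dbSqlString($session, false), $account_theme, $account_width, $account_height, $account_maxhits, $account_startpage, $account_email);
            modUserStoreData($session, true, $uid);
            $message = "Benutzer {$account_user2} wurde angelegt. ID: " . $uid;
        }
    } elseif (isset($account_change)) {
        if (!empty($account_code) && $account_code != $account_code2) {
            $message = '+++ Passwort stimmt mit Wiederholung nicht überein';
        } elseif (!($uid = dbUserId($session, $account_user)) || empty($uid)) {
            $message = '+++ unbekannter Benutzer: ' . $account_name;
        } elseif (($message = modUserCheckData($session, true, $uid)) != null) {
            // modUserCheckData() produced an error message; nothing more to do.
        } else {
            if (empty($account_theme)) {
                $account_theme = Theme_Standard;
            }
            $what = 'rights=' . dbSqlString($session, $account_rights) . ',locked=' . $locked . ',';
            // Only replace the stored code when a new password was entered.
            if (!empty($account_code)) {
                $what .= 'code=' . dbSqlString($session, $code) . ",";
            }
            // NOTE(review): theme is interpolated unquoted as in the original;
            // confirm it is numeric (Theme_Standard) or quote it via dbSqlString().
            $what .= 'theme=' . $account_theme . ',width=' . (int) $account_width . ',height=' . (int) $account_height . ',maxhits=' . (int) $account_maxhits . ',startpage=' . dbSqlString($session, $account_startpage) . ',email=' . dbSqlString($session, $account_email) . ',';
            dbUpdate($session, T_User, $uid, $what);
            modUserStoreData($session, false, $uid);
            $message = 'Daten für ' . $account_user . ' (' . $uid . ') wurden geändert';
        }
    } elseif (!empty($account_other)) {
        if (empty($account_user2)) {
            $message = '+++ kein Benutzername angegeben';
        } elseif (!dbUserId($session, $account_user2)) {
            $message = '+++ Unbekannter Benutzer: ' . $account_user2;
        }
    } else {
        $message = 'keine Änderung';
    }
    baseAccount($session, $message);
}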
<?php

// The client hashes the password before sending it to the server, which then
// hashes it again before storing it (used for payment passwords, ordinary login
// passwords, password changes, registration, etc.).
//
// Scheme: md5(strrev(md5($password)) . 'paf'); returns a 32-character
// lowercase hex string.
//
// Security note: nested md5 with the fixed suffix 'paf' is not a password
// hash — it is fast, unsalted and cheap to crack offline, and hashing on the
// client does not protect the value in transit (that is TLS's job). The
// server-side step (encryptPasswordDb) is where a real password hash such as
// password_hash() belongs. The algorithm is left unchanged because stored
// values depend on it.
function encryptPassword($password)
{
    // Outer digest over the reversed inner digest plus the fixed suffix.
    $innerDigest = md5($password);
    return md5(strrev($innerDigest) . 'paf');
}
# The page that checks whether a password is correct also uses this algorithm.
# Server-side step of the scheme: meant to re-hash the client-supplied digest
# before it is stored. Not implemented in this listing — the body is empty, so
# the function returns null.
function encryptPasswordDb($password)
{
    // Take the already-hashed string and hash it again before storing it in the database.
}
// Demo output: prints the client-side digest of a hard-coded sample password.
echo encryptPassword('aaz123456');
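function lostPassword($user = "", $reason = "lost")
{
    // Resets a user's password to a fresh random value and mails it.
    //
    // $user   - when empty, username and e-mail come from $_POST and both
    //           must be present; otherwise the e-mail on record for $user is
    //           looked up and no "Password sent" notice is shown at the end.
    // $reason - not used by this function; kept for existing callers.
    //
    // All SQL is parameterized (the original interpolated the username and
    // e-mail; the username literals were redacted to '******' in this
    // listing). Failures are reported through makeNotice(), which is relied
    // upon not to return. Requires PHP >= 7.0 for random_bytes().
    // load the globals.
    global $DB;
    global $VERSION;
    global $SITENAME;
    global $MB_EMAIL;
    if (empty($user)) {
        $postUser = isset($_POST['username']) ? $_POST['username'] : '';
        $postEmail = isset($_POST['email']) ? $_POST['email'] : '';
        // Has the user entered both username and email in the form?
        if ($postUser == "" || $postEmail == "") {
            // no!
            makeNotice("You need to enter both an username and eMail!", "error");
        }
        // Sanitize
        $POST_USERNAME = sanitize($postUser);
        $POST_EMAIL = sanitize($postEmail);
    } else {
        // Look up the email address for the user.
        $POST_USERNAME = strtolower(sanitize("{$user}"));
        $results = $DB->getAssoc("select username, email from users where username=? AND deleted='0'  limit 1", false, array($POST_USERNAME));
        // NOTE(review): the lookup key is the original $user while the query
        // matched its lowercased form — a mixed-case $user may miss here.
        $POST_EMAIL = isset($results[$user]) ? $results[$user] : '';
    }
    // Fetch the record the supplied username/e-mail pair belongs to.
    $results = $DB->query("select * from users where username=? and email=? AND deleted='0'  limit 1", array($POST_USERNAME, $POST_EMAIL));
    // Have we hit something?
    if ($results->numRows() == 0) {
        // No such user. NOTE(review): this message lets a caller tell valid
        // from invalid username/e-mail pairs (account enumeration).
        makeNotice("No such record or username and/or eMail wrong!", "error");
    }
    // Create random new pass and salt it. CSPRNG-based (16 hex chars); the
    // original rand() value was predictable.
    $newpass = bin2hex(random_bytes(8));
    $newpass_crypt = encryptPassword($newpass);
    // Fill the template.
    $to = '';
    $email = '';
    while ($row = $results->fetchRow()) {
        if ((int) $row['confirmed'] === 0) {
            makeNotice("Your account has not yet been confirmed by your CEO yet!", "error");
        }
        $email = str_replace(
            array("{{USERNAME}}", "{{IP}}", "{{VERSION}}", "{{SITENAME}}", "{{NEWPASS}}"),
            array($row['username'], $_SERVER['REMOTE_ADDR'], $VERSION, $SITENAME, $newpass),
            getTemplate("lostpass", "email")
        );
        // Remember the email. We dont want to use the supplied one.
        $to = $row['email'];
    }
    // Set the new password into the database (hash only, parameterized).
    $DB->query("update users set password = ? where username=? and email=?", array($newpass_crypt, $POST_USERNAME, $POST_EMAIL));
    // mail it.
    $headers = "From:" . $MB_EMAIL;
    if ($to == "") {
        makeNotice("Internal Error: No valid email found in lostPassword!", "error");
    } else {
        mail($to, $VERSION, $email, $headers);
    }
    // print success page.
    if (empty($user)) {
        makeNotice("A new password has been mailed to you.", "notice", "Password sent");
    }
}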
    $net2ftp_globals["username"] = validateUsername($_POST["username"]);
} elseif (isset($_GET["username"]) == true) {
    $net2ftp_globals["username"] = validateUsername($_GET["username"]);
} else {
    $net2ftp_globals["username"] = validateUsername("");
}
// Pre-encoded copies of the username, one per output context (HTML body,
// URL component, JavaScript string); the *Encode2 helpers are presumably
// net2ftp's own escaping functions defined elsewhere.
$net2ftp_globals["username_html"] = htmlEncode2($net2ftp_globals["username"]);
$net2ftp_globals["username_url"] = urlEncode2($net2ftp_globals["username"]);
$net2ftp_globals["username_js"] = javascriptEncode2($net2ftp_globals["username"]);
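// ----------------------------------------------
// Password
// ----------------------------------------------
// Taken from the login form (POST) or, for follow-up requests, already in
// encrypted form from the URL (GET). The session key is scoped by FTP server
// and username so several logins can coexist in one session.
if (isset($_POST["password"])) {
    // Encrypt once and reuse the value (the original computed it twice).
    $passwordEncrypted = encryptPassword(trim($_POST["password"]));
    $net2ftp_globals["password_encrypted"] = $passwordEncrypted;
    $_SESSION["net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"]] = $passwordEncrypted;
    $_SESSION["net2ftp_session_id_old"] = $_SESSION["net2ftp_session_id_new"];
} elseif (isset($_GET["password_encrypted"])) {
    // NOTE(review): carrying the encrypted password in the query string
    // exposes it in browser history, proxy/server access logs and Referer
    // headers. Kept for compatibility with existing links; prefer the
    // session copy wherever possible.
    $passwordEncrypted = trim($_GET["password_encrypted"]);
    $net2ftp_globals["password_encrypted"] = $passwordEncrypted;
    $_SESSION["net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"]] = $passwordEncrypted;
    $_SESSION["net2ftp_session_id_old"] = $_SESSION["net2ftp_session_id_new"];
}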
// ----------------------------------------------
// Language
// ----------------------------------------------
if (isset($_POST["language"]) == true) {
    $net2ftp_globals["language"] = validateLanguage($_POST["language"]);
} elseif (isset($_GET["language"]) == true) {
    $net2ftp_globals["language"] = validateLanguage($_GET["language"]);
} else {
    $net2ftp_globals["language"] = validateLanguage("");
    $path = str_replace(chr(0), '', $path);
    // prevent go out of the workspace
    while (strpos($path, '../') !== false) {
        $path = str_replace('../', '', $path);
    }
    return $path;
}
//////////////////////////////////////////////////////////////////////
// Verify no overwrites
//////////////////////////////////////////////////////////////////////
if (!file_exists($users) && !file_exists($projects) && !file_exists($active)) {
    //////////////////////////////////////////////////////////////////
    // Get POST responses
    //////////////////////////////////////////////////////////////////
    $username = cleanUsername($_POST['username']);
    $password = encryptPassword($_POST['password']);
    $project_name = $_POST['project_name'];
    if (isset($_POST['project_path'])) {
        $project_path = $_POST['project_path'];
    } else {
        $project_path = $project_name;
    }
    $timezone = $_POST['timezone'];
    //////////////////////////////////////////////////////////////////
    // Create Projects files
    //////////////////////////////////////////////////////////////////
    $project_path = cleanPath($project_path);
    if (!isAbsPath($project_path)) {
        $project_path = str_replace(" ", "_", preg_replace('/[^\\w-\\.]/', '', $project_path));
        mkdir($workspace . "/" . $project_path);
    } else {
            $login = $_POST['login'];
            $email = $_POST['email'];
            include "connect.php";
            $result = mysql_query("SELECT * FROM {$db_table} WHERE {$db_columnUser}='{$login}'") or die("Запрос к базе завершился ощибкой.");
            $myrow = mysql_fetch_array($result);
            if (empty($myrow[$db_columnId]) or $myrow[$db_columnId] == '') {
                $err = "Акаунт <b>" . $login . "</b> не существует или введен неправильный e-mail.";
            } else {
                if (empty($myrow[$db_columnEmail]) or $myrow[$db_columnEmail] == '') {
                    $err = "У акаунта <b>" . $login . "</b> не установлен e-mail для востановления пароля.";
                } else {
                    if ($myrow[$db_columnEmail] == $email) {
                        $datenow = date('YmdHis');
                        $new_password = md5($datenow);
                        $new_password = substr($new_password, 2, 6);
                        $new_password_sh = encryptPassword($new_password);
                        mysql_query("UPDATE {$db_table} SET    {$db_columnPass}='{$new_password_sh}' WHERE {$db_columnUser}='{$login}'") or die("Запрос к базе завершился ощибкой.");
                        $message = "Здравствуйте, " . $login . "! \nВаш новый пароль: " . $new_password . " \nВы сможете войти на сайт используя его. После входа желательно его сменить.";
                        mail($email, "Восстановление пароля", $message, "From: {$from} \r\n");
                        $info = 'На Ваш e-mail отправлено письмо с паролем. Вы будете перенаправлены на главную страницу через 5 секунд.';
                        echo '<br /><p class="ok">' . $info . '<br /></p>';
                        echo "<meta http-equiv='refresh'; content='5; url=index.php'> ";
                    } else {
                        $err = "Акаунт <b>" . $login . "</b> не существует или введен неправильный e-mail.";
                    }
                }
            }
        }
    }
}
if (!empty($err)) {
// Generates a new password for the user with id $id / name $user, stores its
// encrypted form and mails the clear-text value to $email (German text:
// "Your login data for the Infobasar" / "please change the password after
// logging in"). mail() is called without extra headers, so no From is set.
function sendPassword(&$session, $id, $user, $email)
{
    $session->trace(TC_Util1, "sendPassword");
    // createPassword() is a project helper; 6 is the requested length.
    $password = createPassword($session, 6);
    // Only the encrypted form, derived from user name and password, is persisted.
    $encrypted = encryptPassword($session, $user, $password);
    $assignment = 'code=' . dbSqlString($session, $encrypted) . ',';
    dbUpdate($session, T_User, $id, $assignment);
    $body = 'Es wurde ein neues Passwort erzeugt:' . "\n{$password}\n" . 'Bitte nach dem Anmelden das Passwort wieder ändern';
    mail($email, 'Deine Anmeldedaten für den Infobasar', $body);
}
 }
 if (strcmp($realPass, $checkPass) == 0) {
     if (!empty($_POST['newpass'])) {
         $newpass = $_POST['newpass'];
         $newrepass = $_POST['newrepass'];
         if (ereg("[^0-9a-zA-Z_-]", $newpass, $Txt)) {
             $err = "Новый пароль введен не корректно.";
         } elseif (ereg("[^0-9a-zA-Z_-]", $newrepass, $Txt)) {
             $err = "Повтор нового пароля введен не корректно.";
         } else {
             if (strlen($newpass) < 4 or strlen($newpass) > 15) {
                 $err = "Новый пароль должен содержать не меньше 4 символов и не больше 15.";
             } elseif ($newpass != $newrepass) {
                 $err = "Пароли не совпадают.";
             } else {
                 $newpass = encryptPassword($newpass);
                 mysql_query("UPDATE {$db_table} SET {$db_columnPass}='{$newpass}' WHERE    {$db_columnId}='{$_SESSION['id']}'") or die("Запрос к базе завершился ощибкой.");
                 $info = "Пароль успешно изменен.";
                 echo '<br /><p class="ok">' . $info . '<br /></p>';
             }
         }
     }
     if (!empty($_POST['email'])) {
         $email = $_POST['email'];
         if (!validatemail($email)) {
             $err = "E-mail введен не корректно.";
         } else {
             mysql_query("UPDATE {$db_table} SET {$db_columnEmail}='{$email}' WHERE    {$db_columnId}='{$_SESSION['id']}'") or die("Запрос к базе завершился ощибкой.");
             $info = "E-mail успешно изменен.";
             echo '<br /><p class="ok">' . $info . '<br /></p>';
         }
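function baseAccountAnswer(&$session, $user)
{
    // Processes the submitted account form ($_POST) and re-renders it via
    // baseAccount() with a (German) status message. Three actions exist:
    //   account_new    - create user account_user2,
    //   account_change - update settings/password of account_user,
    //   account_other  - only validate that account_user2 exists.
    // Everything read from $_POST is untrusted: strings that reach SQL pass
    // through dbSqlString(), numeric fields are cast to int. Normalised
    // values are written back into $_POST (startpage, theme) as the original
    // did, since baseAccount() may re-read them.
    $session->trace(TC_Gui1, 'baseAccountAnswer');
    $message = '';
    $postUser = isset($_POST['account_user']) ? $_POST['account_user'] : '';
    $postUser2 = isset($_POST['account_user2']) ? $_POST['account_user2'] : '';
    $postCode = isset($_POST['account_code']) ? $_POST['account_code'] : '';
    // NOTE(review): the hash is derived from account_user even when a new
    // user named account_user2 is created below; dbCheckUser() hashes with
    // the login name, so confirm new accounts can actually log in.
    $code = encryptPassword($session, $postUser, $postCode);
    $locked = dbSqlString($session, !empty($_POST['account_locked']));
    // A start page picked from the offered list wins over the free-text field.
    if (!empty($_POST['account_startpageoffer'])) {
        $_POST['account_startpage'] = $_POST['account_startpageoffer'];
    }
    if (isset($_POST['account_new'])) {
        if ($postUser2 == '') {
            $message = '+++ Kein Benutzername angegeben';
        } elseif (dbGetValueByClause($session, T_User, 'count(*)', 'name=' . dbSqlString($session, $postUser2)) > 0) {
            // Fixed: the original built these two strings with '+' (numeric
            // addition, a TypeError on PHP 8) and checked account_user
            // instead of the name being created.
            $message = '+++ Name schon vorhanden: ' . $postUser2;
        } else {
            $uid = dbUserAdd($session, $postUser2, $code, dbSqlString($session, false), $_POST['account_theme'], $_POST['account_width'], $_POST['account_height'], $_POST['account_maxhits'], $_POST['account_startpage'], $_POST['account_email']);
            modUserStoreData($session, true, $uid);
            $message = 'Benutzer ' . $postUser2 . ' wurde angelegt. ID: ' . $uid;
        }
    } elseif (isset($_POST['account_change'])) {
        $postCode2 = isset($_POST['account_code2']) ? $_POST['account_code2'] : '';
        if (!empty($postCode) && $postCode != $postCode2) {
            $message = '+++ Passwort stimmt mit Wiederholung nicht überein';
        } elseif (!($uid = dbUserId($session, $postUser)) || empty($uid)) {
            $message = '+++ unbekannter Benutzer: ' . (isset($_POST['account_name']) ? $_POST['account_name'] : '');
        } elseif (($message = modUserCheckData($session, true, $uid)) != null) {
            // modUserCheckData() produced an error message; nothing more to do.
        } else {
            if (empty($_POST['account_theme'])) {
                $_POST['account_theme'] = Theme_Standard;
            }
            $what = 'locked=' . $locked . ',';
            // Only replace the stored code when a new password was entered.
            if (!empty($postCode)) {
                $what .= 'code=' . dbSqlString($session, $code) . ",";
            }
            // NOTE(review): theme is interpolated unquoted as in the original;
            // confirm it is numeric (Theme_Standard) or quote it via dbSqlString().
            $what .= 'theme=' . $_POST['account_theme'] . ',width=' . (int) $_POST['account_width'] . ',height=' . (int) $_POST['account_height'] . ',maxhits=' . (int) $_POST['account_maxhits'] . ',startpage=' . dbSqlString($session, $_POST['account_startpage']) . ',email=' . dbSqlString($session, $_POST['account_email']) . ',';
            dbUpdate($session, T_User, $uid, $what);
            modUserStoreData($session, false, $uid);
            $message = 'Daten für ' . $postUser . ' (' . $uid . ') wurden geändert';
        }
    } elseif (!empty($_POST['account_other'])) {
        if (empty($postUser2)) {
            $message = '+++ kein Benutzername angegeben';
        } elseif (!dbUserId($session, $postUser2)) {
            $message = '+++ Unbekannter Benutzer: ' . $postUser2;
        }
    } else {
        $message = 'keine Änderung';
    }
    baseAccount($session, $message);
}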
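    // Mysql_num_row is counting table row: > 0 means the e-mail is taken.
    $count = mysqli_num_rows($result);
    if ($count >= 1) {
        echo "registered";
    } else {
        $_SESSION["newPhotographerEmail"] = $txtEmail;
        // NOTE(review): the clear-text password is kept in the session for the
        // next registration step; treat session storage as sensitive and drop
        // this value as soon as the login row has been written.
        $_SESSION["newPhotographerPassword"] = $txtPassword;
        // Escape the user-supplied e-mail before embedding it in the SQL
        // string literal (the original interpolated it raw).
        $safeEmail = mysqli_real_escape_string($con, $txtEmail);
        //Query for inserting record in photographer master.
        $insert_slq_photographer_master = "INSERT INTO {$table_photographer_master}\n\t\t(`{$field_photographer_email}`,\n\t\t\t`{$field_photographer_registered}`\n\t\t\t) VALUES (\n\t\t\t'{$safeEmail}', \n\t\t\tCURRENT_TIMESTAMP)";
        //Performing the insert query in database
        mysqli_query($con, $insert_slq_photographer_master);
        //Id of the row just inserted becomes the photographer id.
        $txtPhotographerId = mysqli_insert_id($con);
        $_SESSION["newPhotgrapherId"] = $txtPhotographerId;
        //Creating the different salt
        $txtSalt = createSalt();
        //Generating the encrypted password from password inserted by the user
        //and genereted salt.
        $txtHashPassword = encryptPassword($txtPassword, $txtSalt);
        //Query for inserting record in photographer login. This literal was
        //redacted to "******" in the listing; any value interpolated into it
        //must be escaped the same way as $safeEmail above.
        $insert_sql_photographer_login = "******";
        //Performing the insert query in database
        mysqli_query($con, $insert_sql_photographer_login);
        echo "nextStep";
    }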
}
//else {
//setcookie("cookieEmail",$txtEmail);
//setcookie("cookiePassword", $txtPassword);
//header("location:photographerRegistration_step2.php");
//}
// Update Check
//define("UPDATEURL", "http://update.codiad.com/?v={VER}&o={OS}&p={PHP}&w={WEB}&a={ACT}");
//define("ARCHIVEURL", "https://github.com/Codiad/Codiad/archive/master.zip");
//define("COMMITURL", "https://api.github.com/repos/Codiad/Codiad/commits");
';
saveFile($config, $config_data);
//////////////////////////////////////////////////////////////////////
// Verify no overwrites
//////////////////////////////////////////////////////////////////////
if (!file_exists($users) && !file_exists($projects) && !file_exists($active)) {
    //////////////////////////////////////////////////////////////////
    // Get POST responses
    //////////////////////////////////////////////////////////////////
    $username = cleanUsername("default");
    $password = encryptPassword("default");
    //////////////////////////////////////////////////////////////////
    // Create Projects files
    //////////////////////////////////////////////////////////////////
    $project_path = 'cloud-project';
    $project_name = 'Cloud Project';
    if (!isAbsPath($project_path)) {
        $project_path = str_replace(" ", "_", preg_replace('/[^\\w-\\.]/', '', $project_path));
        mkdir($workspace . "/" . $project_path);
    } else {
        $project_path = cleanPath($project_path);
        if (substr($project_path, -1) == '/') {
            $project_path = substr($project_path, 0, strlen($project_path) - 1);
        }
        if (!file_exists($project_path)) {
            if (!mkdir($project_path . '/', 0755, true)) {
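/**
 * Validate a login attempt for $user with the submitted password $code.
 *
 * @param object $session  session object offering trace(), setSessionUser() and setUserData()
 * @param string $user     login name as submitted by the client (untrusted)
 * @param string $code     password as submitted by the client (untrusted, plaintext)
 *
 * @return string  '' on success (the session user and user data have been set);
 *                 otherwise a German error message: unknown user ("Nicht definiert"),
 *                 wrong password ("Passwort nicht korrekt!") or locked user
 *                 ("Benutzer gesperrt!", currently never produced, see below).
 */
function dbCheckUser(&$session, $user, $code)
{
    $session->trace(TC_Db1, 'dbCheckUser');
    $uid = dbUserId($session, $user);
    $fields = null;
    if (!$uid) {
        // dbUserId() returns a falsy value for an unknown name.
        $rc = 1;
    } else {
        // $user is untrusted and is interpolated into a SQL string literal.
        // The db helper exposes no parameter binding, so at least escape the
        // quote/backslash/NUL characters that would break out of the literal.
        // Caveats: this does not cover NO_BACKSLASH_ESCAPES mode or multibyte
        // (e.g. GBK) connection charsets, and dbUserId() above still receives
        // the raw name. TODO(review): move to a bound parameter in the db layer.
        $sql = 'select id,code,locked,theme,width,height,maxhits,postingsperpage,'
            . 'threadsperpage,startpage from ' . dbTable($session, "user")
            . ' where name="' . addslashes($user) . '";';
        $fields = dbSingleRecord($session, $sql);
        if ($fields == null) {
            $rc = 1;
        } elseif ($fields[1] == '') {
            // NOTE(review): an empty stored code accepts any submitted password.
            // Kept as-is because callers may rely on it, but it should be an
            // explicit policy rather than an implicit bypass.
            $rc = 0;
        } else {
            $code = encryptPassword($session, $user, $code);
            // Do not write the submitted or stored password hash to the trace log.
            $session->trace(TC_Db1, 'dbCheckUser: comparing password hash');
            // Constant-time comparison so the position of the first mismatching
            // byte is not observable through timing (hash_equals needs PHP >= 5.6).
            if (function_exists('hash_equals')) {
                $match = hash_equals((string) $fields[1], (string) $code);
            } else {
                $match = strcmp($code, $fields[1]) == 0;
            }
            $rc = $match ? 0 : 2;
        }
    }
    // NOTE(review): the 'locked' column ($fields[2]) is selected but never
    // examined, so case 3 below is unreachable. Its encoding is not visible
    // here, so the check is left to whoever owns the schema.
    switch ($rc) {
        case 1:
            $rc = "Nicht definiert: {$user}";
            break;
        case 2:
            // Log the outcome only; the hashes themselves stay out of the trace.
            $session->trace(TC_Db1, 'dbCheckUser-4: password mismatch');
            $rc = "Passwort nicht korrekt!";
            break;
        case 3:
            $rc = "Benutzer gesperrt!";
            break;
        default:
            $rc = '';
            $session->setSessionUser($fields[0]);
            // setUserData($id, $name, $theme, $width, $height,
            //             $maxhits, $postingsperpage, $threadsperpage, $startpage)
            $session->setUserData($fields[0], $user, $fields[3], $fields[4], $fields[5], $fields[6], $fields[7], $fields[8], $fields[9]);
            break;
    }
    $session->trace(TC_Db1, 'dbCheckUser: rc="' . $rc . '"');
    return $rc;
}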
    } else {
        $login_proverka = mysql_query("SELECT {$db_columnUser} FROM {$db_table} WHERE {$db_columnUser}='{$login}'") or "Запрос к базе завершился ощибкой.";
        if (mysql_num_rows($login_proverka)) {
            $err = "Акаунт <b>" . $login . "</b> уже существует.";
        } elseif (strlen($login) < 4 or strlen($login) > 8) {
            $err = "Логин должен содержать не меньше 4 символов и не больше 8.";
        } elseif (strlen($pass) < 4 or strlen($pass) > 15) {
            $err = "Пароль должен содержать не меньше 4 символов и не больше 15.";
        } elseif (strlen($repass) < 4 or strlen($repass) > 15) {
            $err = "Повтор пароля должен содержать не меньше 4 символов и не больше 15.";
        } elseif ($pass != $repass) {
            $err = "Пароли не совпадают.";
        } elseif (!chk_crypt($_POST['captcha'])) {
            $err = "Каптча введена не верно!";
        } else {
            $cp = encryptPassword($pass);
            if (!empty($email)) {
                mysql_query("INSERT INTO {$db_table} ({$db_columnUser},{$db_columnPass},{$db_columnEmail},{$db_columnRegDate}) VALUES('{$login}','{$cp}','{$email}',NOW())") or die("Запрос к базе завершился ощибкой.");
            } else {
                mysql_query("INSERT INTO {$db_table} ({$db_columnUser},{$db_columnPass},{$db_columnRegDate}) VALUES('{$login}','{$cp}',NOW())") or die("Запрос к базе завершился ощибкой.");
            }
            $info = "Аккаунт <b>" . $login . "</b> успешно зарегестрирован. Вы будете перенаправлены на главную страницу через 5 секунд.";
            echo '<br /><p class="ok">' . $info . '<br /></p>';
            echo "<meta http-equiv='refresh'; content='5; url=index.php'> ";
        }
    }
}
// Render the registration error collected above, if any.
// NOTE(review): $err is written into the page unescaped. At least one of the
// messages above embeds the submitted login name, so that value must be
// HTML-escaped where the message is built or this echo is a reflected XSS sink.
if (!empty($err)) {
    echo '<br /><p class="err">', $err, '<br /></p>';
}
?>