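/**
 * Create a new user account from the "new user" form (an action of an
 * already logged-in user who holds canAddUser()).
 *
 * Reads username, pass1/pass2 and email from $_POST, validates them, inserts
 * the row through $DB->query() with bound parameters, and mails the new user
 * a welcome message built from the "newuser" email template.
 *
 * Every failure path goes through makeNotice(), which this file treats as
 * terminating the request (code after each call assumes the check passed);
 * the guards below rely on that exactly as the previous revision did.
 *
 * Changes versus the previous revision:
 *  - the authorization check runs before any request data is processed;
 *  - $MySelf->getUsername was read as a property (no parentheses), so the
 *    {{CREATOR}} placeholder in the email was always empty; it is now the
 *    method call already used for the `addedby` column;
 *  - the email address is validated with checkEmailAddress(), the same check
 *    requestAccount() applies, instead of being accepted as typed; it is the
 *    To: address handed to mail(), so junk (including header material) is
 *    rejected before it gets there;
 *  - $PASSWORD and $PASSWORD_ENC were the same encryptPassword() result, so
 *    the *hash* was substituted for {{PASSWORD}} and mailed out — useless to
 *    the recipient and a leak of offline-crackable material. Neither the hash
 *    nor the plaintext is mailed now; the creator chose the password and is
 *    named in the message instead;
 *  - $_POST keys are quoted strings rather than bare constants.
 */
function addNewUser() {
    global $DB;
    global $MySelf;
    global $MB_EMAIL;

    // Authorization first: nothing from the request is looked at unless the
    // logged-in user may add users at all.
    if (!$MySelf->canAddUser()) {
        makeNotice("You are not authorized to do that!", "error", "Forbidden");
    }

    // Creator: stored in `addedby` and shown in the welcome email.
    $USERNAME = $MySelf->getUsername();

    // Requested username: lowercased, sanitized, alphanumeric only.
    $NEW_USER = strtolower(sanitize($_POST['username']));
    if (!ctypeAlnum($NEW_USER)) {
        makeNotice("Only characters a-z, A-Z and 0-9 are allowed as username.", "error", "Invalid Username");
    }

    // Password: both fields must agree; only the hash is kept from here on.
    if ($_POST['pass1'] != $_POST['pass2']) {
        makeNotice("The passwords did not match!", "warning", "Passwords invalid", "index.php?action=newuser", "[retry]");
    }
    $PASSWORD_ENC = encryptPassword("{$_POST['pass1']}");

    // No duplicate usernames.
    if (userExists($NEW_USER) >= 1) {
        makeNotice("User already exists!", "error", "Duplicate User", "index.php?action=newuser", "[Cancel]");
    }

    // Email address: required, and must look like an address.
    if (empty($_POST['email'])) {
        makeNotice("You need to supply an email address!", "error", "Account not created");
    } else {
        $NEW_EMAIL = sanitize($_POST['email']);
        if (!checkEmailAddress($NEW_EMAIL)) {
            makeNotice("You need to supply a valid email address!", "error", "Account not created");
        }
    }

    // Insert with bound parameters (the query helper's placeholder form).
    $DB->query("insert into users (username, password, email, addedby, confirmed) "
        . "values (?, ?, ?, ?, ?)",
        array($NEW_USER, $PASSWORD_ENC, $NEW_EMAIL, $USERNAME, "1"));

    if ($DB->affectedRows() == 0) {
        makeNotice("Could not create user!", "error");
    } else {
        // Welcome email from the "newuser" template.
        global $SITENAME;
        $mail = getTemplate("newuser", "email");
        $mail = str_replace('{{USERNAME}}', $NEW_USER, $mail);
        // The password was chosen by the creator; it is not mailed, and neither
        // is its hash (which is what the previous revision substituted here).
        $mail = str_replace('{{PASSWORD}}', "(chosen by {$USERNAME} when the account was created)", $mail);
        // NOTE(review): the site link is built from the request's Host header, so
        // a forged Host puts an attacker-controlled URL into this email. A
        // configured base URL should be used instead (requestAccount() declares a
        // global $URL, but its exact format is not visible here, so it is not
        // substituted blindly).
        $mail = str_replace('{{SITE}}', "http://" . $_SERVER['HTTP_HOST'] . "/", $mail);
        $mail = str_replace('{{CORP}}', "{$SITENAME}", $mail);
        $mail = str_replace('{{CREATOR}}', "{$USERNAME}", $mail);

        $subject = "Welcome to MiningBuddy";
        $headers = "From:" . $MB_EMAIL;
        mail($NEW_EMAIL, $subject, $mail, $headers);

        makeNotice("User added and confirmation email sent.", "notice", "Account created", "index.php?action=editusers");
    }
}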
/**
 * Create an account for $username unless the login name or the email address
 * is already in use.
 *
 * Uniqueness is checked with the project helpers checkUserLogin() and
 * checkEmail() (email is only checked once the login name is known to be
 * free). The password is stored as encryptPassword($password); loginname is
 * set to the same value as username.
 *
 * @param string $username login name, also used as the display name
 * @param string $email
 * @param string $password plaintext; only its encryptPassword() form is saved
 * @param string $avatar
 * @param string $steamid
 * @return bool TRUE when the user was saved, FALSE when the name or email exists
 */
function addUser($username, $email, $password, $avatar, $steamid) {
    // Login name already registered?
    if (checkUserLogin($username) != FALSE) {
        return FALSE;
    }
    // Email address already registered?
    if (checkEmail($email) != FALSE) {
        return FALSE;
    }

    $account = new User();
    $account->username = $username;
    $account->loginname = $username;
    $account->password = encryptPassword($password);
    $account->email = $email;
    $account->avatar = $avatar;
    $account->steamid = $steamid;
    $account->save();
    return TRUE;
}
/**
 * Register a new user from $_POST (userName, email, userFirstName,
 * userLastName) and answer as JSON.
 *
 * Flow: verifyUser() must report status 'COMPLETE' (username free), then
 * registerNewUser() must report 'COMPLETE'; on success a session is started
 * and the result echoed. Either failure writes the failing result as JSON and
 * terminates the script with die().
 *
 * @return void output only
 */
function registerUser() {
    $userName = $_POST['userName'];

    // Username must not exist yet; otherwise report and stop.
    $result = verifyUser($userName);
    if ($result['status'] != 'COMPLETE') {
        die(json_encode($result));
    }

    $email = $_POST['email'];
    $userFirstName = $_POST['userFirstName'];
    $userLastName = $_POST['userLastName'];
    // NOTE(review): encryptPassword() is called with no argument here, so it
    // presumably reads the password out of $_POST itself — confirm.
    $userPassword = encryptPassword();

    $result = registerNewUser($userFirstName, $userLastName, $userName, $email, $userPassword);
    if ($result['status'] != 'COMPLETE') {
        // Insert failed; report the result and stop.
        die(json_encode($result));
    }

    startSession($userFirstName, $userLastName, $userName);
    echo json_encode($result);
}
/**
 * Persist a sign-up form submission.
 *
 * When $this->objSignUpForm validates: hashes $_POST['password'] with
 * encryptPassword() (whose 'password' element goes into the password column
 * and whose 'salt' element into password2), inserts the row via addNew(),
 * then saves a value for every app component (ordered by ordernum DESC) and
 * calls notifyManagers(). When validation fails: filters $_POST, optionally
 * pre-fills the form, and clears $_POST['submit'].
 *
 * @return bool true only when the row was inserted
 */
public function save() {
    global $IP_ADDRESS;

    if (!$this->objSignUpForm->validate()) {
        // Invalid submission: scrub the posted data and re-present the form.
        $_POST = filterArray($_POST);
        if ($this->objSignUpForm->prefillValues) {
            $this->objSignUpForm->prefillPostedValues();
        }
        $_POST['submit'] = false;
        return false;
    }

    $hashed = encryptPassword($_POST['password']);
    $columns = array("username", "password", "password2", "email", "applydate", "ipaddress");
    $values = array(
        $_POST['username'],
        $hashed['password'],
        $hashed['salt'],       // password2 holds the salt
        $_POST['email'],
        time(),
        $IP_ADDRESS,
    );
    if (!$this->addNew($columns, $values)) {
        return false;
    }

    // Attach a value for each application component to the new row.
    $components = $this->MySQL->query("SELECT appcomponent_id FROM " . $this->MySQL->get_tablePrefix() . "app_components ORDER BY ordernum DESC");
    while ($component = $components->fetch_assoc()) {
        $this->objAppComponent->select($component['appcomponent_id']);
        $this->objAppComponent->saveAppValue($this->intTableKeyValue);
    }
    $this->notifyManagers();
    return true;
}
/**
 * net2ftp bridge: FTP client login.
 *
 * POST (password present): resolves $_POST['server_id'] to a Server (404 if
 * unknown), loads the net2ftp runtime, stores encryptPassword($pw) in the
 * session when the password is non-empty, logs, and redirects to
 * ftpClient/browse.
 * GET: renders the 'login' view with the servers the current user's FtpUser
 * record has non-empty perms on, plus each server's daemon FTP ip/port.
 *
 * @param int $id server id to preselect; replaced by $_POST['server_id'] on POST
 * @throws CHttpException 404 when the posted server id does not exist
 */
public function actionLogin($id = 0) {
    if (isset($_POST['password'])) {
        $pw = $_POST['password'];
        $id = (int) $_POST['server_id'];
        $server = Server::model()->findByPk((int) $id);
        if (!$server) {
            throw new CHttpException(404, Yii::t('mc', 'The requested page does not exist.'));
        }
        $this->net2FtpDefines();
        global $net2ftp_result, $net2ftp_settings, $net2ftp_globals;
        require_once dirname(__FILE__) . '/../extensions/net2ftp/main.inc.php';
        require_once dirname(__FILE__) . '/../extensions/net2ftp/includes/authorizations.inc.php';
        $ftpSv = $this->getFtpServer($server);
        if (strlen($pw)) {
            // The FTP client needs the plaintext again later, so encryptPassword()
            // here is presumably net2ftp's reversible encryption — treat the session
            // entry as the credential itself. An empty POST leaves whatever was
            // stored previously in place.
            $_SESSION['net2ftp_password_encrypted'] = encryptPassword($pw);
            // Drop the per-server cached copy so the newly entered password wins.
            $sessKey = 'net2ftp_password_encrypted_' . $ftpSv['ip'] . $this->getUsername($server);
            unset($_SESSION[$sessKey]);
        }
        // NOTE(review): this path only checks that the server exists. The GET path
        // below restricts the list to servers joined through ftp_user_server with
        // non-empty perms; nothing equivalent happens here before the password is
        // stored and the redirect issued — confirm ftpClient/browse enforces it.
        Yii::log('Logging in to FTP server for server ' . $id);
        $this->redirect(array('ftpClient/browse', 'id' => $id));
    }
    $ftpUser = FtpUser::model()->findByAttributes(array('name' => Yii::app()->user->name));
    $daemons = array();
    $serverList = array();
    $sel = Yii::t('mc', 'Please select a server');
    if ($ftpUser) {
        // Servers this FTP account has any permission on; the user id is a bound
        // parameter, not interpolated into the condition.
        $c = new CDbCriteria();
        $c->join = 'join `ftp_user_server` on `t`.`id`=`server_id`';
        $c->condition = '`user_id`=? 
and `perms`!=\'\'';
        $c->params = array((int) $ftpUser->id);
        $svs = Server::model()->findAll($c);
        $serverList = array(0 => Yii::t('mc', 'Select'));
        foreach ($svs as $sv) {
            $dmn = Daemon::model()->findByPk($sv->daemon_id);
            $dmnInfo = array('ip' => '', 'port' => '');
            if (!$dmn) {
                $dmnInfo['ip'] = Yii::t('mc', 'No daemon found for this server.');
            } else {
                if (isset($dmn->ftp_ip) && isset($dmn->ftp_port)) {
                    $dmnInfo = array('ip' => $dmn->ftp_ip, 'port' => $dmn->ftp_port);
                } else {
                    // 'ip' doubles as the user-facing message slot when there is no usable daemon.
                    $dmnInfo['ip'] = Yii::t('mc', 'Daemon database not up to date, please run the Multicraft installer.');
                }
            }
            $daemons[$sv->id] = $dmnInfo;
            $serverList[$sv->id] = $sv->name;
        }
    } else {
        $serverList = array(0 => Yii::t('mc', 'No FTP account found'));
        $sel = Yii::t('mc', 'See the "Users" menu of your server for a list of FTP accounts');
    }
    $this->render('login', array('id' => $id, 'havePw' => isset($_SESSION['net2ftp_password_encrypted']), 'serverList' => $serverList, 'daemons' => $daemons, 'sel' => $sel));
}
/**
 * Replace this record's password.
 *
 * encryptPassword() returns an array: its 'password' element is written to
 * the password column and its 'salt' element to password2 (the sign-up
 * save() in this corpus stores the pair the same way).
 *
 * @param string $new_password plaintext
 * @return bool false when the record has no key yet or update() fails
 */
function set_password($new_password) {
    // Nothing to update until the row has a primary key.
    if ($this->intTableKeyValue == "") {
        return false;
    }
    $hashed = encryptPassword($new_password);
    $updated = $this->update(
        array("password", "password2"),
        array($hashed['password'], $hashed['salt'])
    );
    return $updated ? true : false;
}
/**
 * Validate a sign-up form and create the user.
 *
 * Field checks run in form order and the first failure is returned as a
 * message. Then the username must be free (UserDAO), the two passwords must
 * match, and the user is created with role id 3 (normal user), department
 * id 1 (root department), the encryptPassword() form of the password and the
 * default photo.
 *
 * @param string $username
 * @param string $password  plaintext
 * @param string $confirmpw plaintext, must equal $password
 * @param string $firstname
 * @param string $lastname
 * @param string $gender
 * @return bool|string true on success, otherwise a user-facing error message
 */
function execSignup($username, $password, $confirmpw, $firstname, $lastname, $gender) {
    // Per-field checks: (value, validator, message), evaluated in form order.
    $fieldChecks = array(
        array($username, 'isValidUsername', "Username is empty or invalid!"),
        array($password, 'isValidPassword', "Password is empty or invalid!"),
        array($confirmpw, 'isValidPassword', "Confirm Password is empty or invalid!"),
        array($firstname, 'isValidName', "First Name is empty or invalid!"),
        array($lastname, 'isValidName', "Last Name is empty or invalid!"),
        array($gender, 'isValidGender', "Gender is empty or invalid!"),
    );
    foreach ($fieldChecks as $check) {
        list($value, $validator, $message) = $check;
        if ($value == "" || !$validator($value)) {
            return $message;
        }
    }

    $userDAO = new UserDAO();
    if ($userDAO->getUserByUsername($username) !== null) {
        return "Username exists, please change to another one!";
    }
    if ($password != $confirmpw) {
        return "Password and Confirm Password must be same!";
    }

    $roleDAO = new RoleDAO();
    $role = $roleDAO->getRoleByID(3);             // normal user
    $departmentDAO = new DepartmentDAO();
    $depart = $departmentDAO->getDepartmentByID(1); // root department

    $newUser = new User(
        $role,
        $depart,
        $username,
        encryptPassword($password),
        $firstname,
        $lastname,
        $gender,
        "photo/default.png"
    );
    if ($userDAO->insertUser($newUser) === true) {
        return true;
    }
    return "Insert user into table error, please contact administrator!";
}
/**
 * Change the password of the user in $_SESSION["userID"].
 *
 * Requires all three fields, valid current and new passwords
 * (isValidPassword()), the new password entered twice identically, and the
 * current password to verify against the stored one (verifyPassword()).
 * The new password is stored as encryptPassword($newpassword).
 *
 * @param string $password    current password, plaintext
 * @param string $newpassword new password, plaintext
 * @param string $confirmpw   repeat of the new password
 * @return bool|string true on success, otherwise a user-facing error message
 */
function execChangePW($password, $newpassword, $confirmpw) {
    $missing = ($password == "" || $newpassword == "" || $confirmpw == "");
    if ($missing) {
        return "Please fill all the necessary information!";
    }
    if (!isValidPassword($password) || !isValidPassword($newpassword)) {
        return "Please enter a valid password!";
    }
    if ($newpassword !== $confirmpw) {
        return "The new password and the confirmed new password must be the same!";
    }

    $userDAO = new UserDAO();
    $account = $userDAO->getUserByID($_SESSION["userID"]);
    // Re-authenticate with the current password before accepting the change.
    if (!verifyPassword($password, $account->getPassword())) {
        return "The old password you entered is not correct!";
    }

    $account->setPassword(encryptPassword($newpassword));
    $userDAO->updateUser($account);
    return true;
}
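/**
 * Change the logged-in user's own password (POST: password = current,
 * password1/password2 = new, twice).
 *
 * Requires $MySelf->canChangePwd(). The new password must be entered twice
 * and be non-empty. The current password is enforced by the UPDATE itself:
 * its encryptPassword() form is part of the WHERE clause, so a wrong current
 * password updates 0 rows and is reported as a failure. In demo mode nothing
 * is written.
 *
 * All failure paths go through makeNotice(), which this file treats as
 * terminating the request.
 *
 * Security notes:
 *  - The UPDATE is issued with bound parameters; the previous revision
 *    interpolated the hash, username and old hash into the SQL string.
 *  - Nothing in this function checks a CSRF token; the current-password
 *    requirement is the only thing tying the request to the account holder.
 *  - Matching the old password inside SQL only works while encryptPassword()
 *    is deterministic for a given input (no per-call random salt), which is
 *    how the rest of this file uses it — revisit if the hash function changes.
 */
function changePassword() {
    global $DB;
    global $MySelf;
    global $IS_DEMO;

    $username = sanitize($MySelf->getUsername());

    if (!$MySelf->canChangePwd()) {
        makeNotice("You are not allowed to change your password. Ask your CEO to re-enable this feature for your account.", "error", "Forbidden");
    }

    // Both entries of the new password must agree ...
    if ("{$_POST['password1']}" != "{$_POST['password2']}") {
        makeNotice("Your entered passwords do not match, please head back, and try again!", "error", "Password not changed", "index.php?action=changepw", "[retry]");
    }
    // ... and must not be empty.
    if (empty($_POST['password1']) || empty($_POST['password2'])) {
        makeNotice("You need to enter passwords in both fields!!", "error", "Password missing!", "index.php?action=changepw", "[retry]");
    }

    $password = encryptPassword("{$_POST['password1']}"); // new hash
    $oldpasswd = encryptPassword("{$_POST['password']}");  // hash of the supplied current password

    if (!$IS_DEMO) {
        // Parameterized: hash, username and old hash are bound, not interpolated.
        $DB->query("update users set password = ? where username = ? and password = ?",
            array($password, $username, $oldpasswd));
        if ($DB->affectedRows() == 1) {
            makeNotice("Your password has been changed.", "notice", "Password change confirmed");
        } else {
            makeNotice("Your password could not have been changed! Database error!", "error", "Password change failed");
        }
    } else {
        makeNotice("Your password would have been changed. (Operation canceled due to demo site restrictions.)", "notice", "Password change confirmed");
    }
}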
/**
 * Change a user's password after checking the current one.
 *
 * Refuses when the new password equals the given one, when no row matches
 * $idUser, or when decryptPassword() (the project's verify helper, judging by
 * its use here) rejects $pass_given against the stored value. The new value
 * is stored as encryptPassword($new_pass, 20). Both statements are PDO
 * prepared statements on the global $db.
 *
 * @param string $idUser     user id (bound as a string)
 * @param string $pass_given current password, plaintext
 * @param string $new_pass   new password, plaintext
 * @return bool true when the password was updated
 */
function editPassword($idUser, $pass_given, $new_pass) {
    // A "change" to the identical password is rejected up front.
    if ($pass_given === $new_pass) {
        return false;
    }
    global $db;

    $lookup = $db->prepare('SELECT password FROM User WHERE idUser = :idUser');
    $lookup->bindParam(':idUser', $idUser, PDO::PARAM_STR);
    $lookup->execute();
    $rows = $lookup->fetchAll();
    // Unknown user, or current password does not verify.
    if (count($rows) === 0 || !decryptPassword($pass_given, $rows[0]['password'])) {
        return false;
    }

    $passEnc = encryptPassword($new_pass, 20);
    $update = $db->prepare('UPDATE User SET password = :new_pass WHERE idUser = :idUser');
    $update->bindParam(':idUser', $idUser, PDO::PARAM_STR);
    $update->bindParam(':new_pass', $passEnc, PDO::PARAM_STR);
    $update->execute();
    return true;
}
/**
 * Authenticate a user by email address and password.
 *
 * Looks up the account's Salt and UserID by email, hashes the supplied
 * password with that salt via encryptPassword(), then queries the user table
 * again for a row whose Email and Password both match. Returns false when
 * either argument is empty; otherwise, in the tail of the function, a JSON
 * string carrying generateToken($userid) and the first name. The tail is
 * partly redacted in this copy — the "******" below is not source code.
 *
 * NOTE(review):
 *  - The SQL is assembled by string concatenation; convertForInsert() is
 *    presumably the quoting/escaping helper, so every injection guarantee
 *    here rests on it — verify its behaviour.
 *  - The password check is done by the database (`AND Password = ...`), i.e.
 *    the stored value must equal the deterministic encryptPassword() output;
 *    this is not password_verify()-style verification.
 *  - When the row has no Salt, generateSalt($userid) supplies one for the
 *    comparison, but nothing visible here writes it back; the hash can only
 *    match if the stored password was produced the same way — confirm
 *    against generateSalt().
 *  - $rs is not checked for a failed query before fetch_assoc().
 *
 * @param string $username email address used as the login
 * @param string $userpass plaintext password
 * @return bool|string false on empty input; otherwise the JSON login payload
 */
function login($username, $userpass) {
    if ($username == "" || $userpass == "") {
        return false;
    }
    $salt = "";
    $sql = "SELECT Salt, UserID FROM tbl_users WHERE Email = " . convertForInsert($username);
    $mysqli = new mysqli(Database::dbserver, Database::dbuser, Database::dbpass, Database::dbname);
    $rs = $mysqli->query($sql);
    while ($row = $rs->fetch_assoc()) {
        $userid = $row['UserID'];
        // Accounts without a stored salt get one generated for this comparison.
        $salt = $row['Salt'] == "" ? generateSalt($userid) : $row['Salt'];
    }
    $salted = encryptPassword($userpass, $salt);
    $rs->free();
    $mysqli->close();
    /* The remainder is redacted in this copy ("******"): the comparison query, its execution and the result loop building $data live here. */
    $sql = "SELECT UserID, FirstName FROM tbl_users WHERE Email = " . convertForInsert($username) . " AND Password = "******"success" => true, "usertoken" => generateToken($row['UserID']), "userfirstname" => $row['FirstName']); return json_encode($data); } //return true; } }
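/**
 * Apply the "edit user" form (POST) to the user row identified by
 * $_POST['id'].
 *
 * In order: demo-mode guard for user 1, the canManageUser() gate, the
 * admin-edits-admin rule, deletion (soft delete via deleted='1', requires
 * canDeleteUser() and confirm()), activation, confirmation (which also mails
 * the user via lostPassword()), forcing the email valid, email / password /
 * username changes (skipped in demo mode; username changes are admin-only),
 * and — for callers with canEditRank() — rank, opt-in and the permission
 * flags.
 *
 * makeNotice() is treated throughout this file as terminating the request;
 * every guard below relies on that, exactly as the previous revision did.
 *
 * Changes versus the previous revision:
 *  - every SELECT/UPDATE goes through $DB->query() with bound parameters
 *    instead of values interpolated into the SQL string; the only
 *    non-parameter piece is the column name in the permission loop, which
 *    comes from the fixed $permissions list, never from the request;
 *  - the `isAdmin` flag is only written by callers who are themselves
 *    administrators: previously anyone with canEditRank() could tick isAdmin
 *    for any user, themselves included, which bypassed the
 *    admin-edits-admin rule;
 *  - $ADD is initialised so the final notice never reads an undefined
 *    variable; $_POST keys are quoted strings rather than bare constants.
 */
function editUser() {
    global $DB;
    global $MySelf;
    global $IS_DEMO;

    if ($IS_DEMO && $_POST['id'] == "1") {
        makeNotice("The user would have been changed. (Operation canceled due to demo site restrictions.)", "notice", "Password change confirmed");
    }

    if (!$MySelf->canManageUser()) {
        makeNotice("You are not allowed to edit Users!", "error", "forbidden");
    }

    // Target user id: must be numeric; bound as a parameter below, never interpolated.
    $ID = sanitize($_POST['id']);
    $SELF = $MySelf->getID();
    if (!is_numeric($ID)) {
        makeNotice("Variable is not numeric! (in editUser)", "error");
    }

    $userDS = $DB->query("SELECT * FROM users WHERE id = ? LIMIT 1", array($ID));
    $user = $userDS->fetchRow();

    // Only administrators may modify an administrator's account.
    if ($user['isAdmin'] && !$MySelf->isAdmin()) {
        makeNotice("Only an Administrator may edit another Administrator. You do have the rights to edit users, but you are not allowed to modify an Administrators account.", "warning", "Insufficient rights!", "index.php?action=edituser&id={$ID}", "Cancel");
    }

    $ADD = ""; // appended to the final notice

    // Deletion (soft delete).
    if ($_POST['delete'] == "true") {
        if ($ID == $SELF) {
            makeNotice("You can not delete yourself! Why would you do such a thing? " . "Life is not that bad, c'mon...'", "warning", "Operation canceled", "index.php?action=edituser&id={$ID}", "get yourself together, man");
        }
        if (!$MySelf->canDeleteUser()) {
            makeNotice("You are not authorized to do that!", "error", "Forbidden");
        }
        confirm("You are about to delete " . ucfirst(idToUsername($ID)) . ". Are you sure?");
        $DB->query("UPDATE users SET deleted='1' WHERE id = ? LIMIT 1", array($ID));
        if ($DB->affectedRows() == 1) {
            makeNotice("The Account has been deleted.", "notice", "Account deleted", "index.php?action=editusers", "Back to editing Users");
        } else {
            makeNotice("Error deleting the user!", "error");
        }
    }

    // Activate / deactivate; a user cannot deactivate their own account.
    if ("{$_POST['canLogin']}" == "on") {
        $DB->query("UPDATE users SET active='1' WHERE id = ? LIMIT 1", array($ID));
    } else {
        if ($ID == $SELF) {
            makeNotice("You can not deactivate yourself!", "error", "Err..", "index.php?action=edituser&id={$ID}", "Back to yourself ;)");
        } else {
            $DB->query("UPDATE users SET active='0' WHERE id = ?", array($ID));
        }
    }

    // Confirm the account; lostPassword() mails the user (see that function
    // for what exactly is sent).
    if ("{$_POST['confirm']}" == "true") {
        $DB->query("UPDATE users SET confirmed='1' WHERE id = ? LIMIT 1", array($ID));
        lostPassword($user['username']);
        $ADD = " Due to confirmation I have sent an email to the user with his password.";
    }

    // Force the email address to count as validated.
    if ("{$_POST['SetEmailValid']}" == "true") {
        $DB->query("UPDATE users SET emailvalid='1' WHERE id = ? LIMIT 1", array($ID));
    }

    if (!$IS_DEMO) {
        // New email address.
        if (!empty($_POST['email'])) {
            $email = sanitize("{$_POST['email']}");
            $DB->query("UPDATE users SET email = ? WHERE id = ?", array($email, $ID));
        }

        // New password. NOTE(review): the plaintext is passed through
        // sanitize() before hashing, so any character sanitize() strips or
        // rewrites silently changes the password; kept as-is because the login
        // path presumably does the same — confirm before removing it.
        if (!empty($_POST['password'])) {
            $password = encryptPassword(sanitize("{$_POST['password']}"));
            $DB->query("UPDATE users SET password = ? WHERE id = ?", array($password, $ID));
        }

        // Username change: administrators only, and the new name must be free.
        if ($_POST['username_check'] == "true" && $_POST['username'] != "") {
            if ($MySelf->isAdmin() && $MySelf->canManageUser()) {
                $new_username = sanitize($_POST['username']);
                $countDS = $DB->query("SELECT COUNT(username) AS count FROM users WHERE username = ?", array($new_username));
                $count = $countDS->fetchRow();
                if ($count['count'] > 0) {
                    makeNotice("The new username \"{$new_username}\" already exists. Unable to complete operation.", "error", "Username exists!");
                } else {
                    $DB->query("UPDATE users SET username = ? WHERE ID = ? LIMIT 1", array($new_username, $ID));
                    // Exactly one row must have changed.
                    if ($DB->affectedRows() != 1) {
                        makeNotice("DB Error: Internal Error: Unable to update the username.", "error", "Internal Error");
                    }
                }
            } else {
                makeNotice("Inusfficient rights to change username.", "error", "Insufficient Rights");
            }
        }
    }

    if ($MySelf->canEditRank()) {
        // Rank: numeric and non-negative.
        if (is_numeric($_POST['rank']) && $_POST['rank'] >= 0) {
            $rank = sanitize("{$_POST['rank']}");
            $DB->query("UPDATE users SET rank = ? WHERE id = ?", array($rank, $ID));
        }

        // Opt-in is a checkbox: present means on.
        $state = $_POST['optIn'] ? 1 : 0;
        $DB->query("UPDATE users SET optIn = ? WHERE id = ? LIMIT 1", array($state, $ID));

        // Permission flags. The column name comes from this fixed list and the
        // value is always "1"/"0"; both are the only non-bound parts of the
        // statement.
        $permissions = array("canLogin", "canJoinRun", "canCreateRun", "canCloseRun", "canDeleteRun", "canAddHaul", "canChangePwd", "canChangeEmail", "canChangeOre", "canAddUser", "canSeeUsers", "canDeleteUser", "canEditRank", "canManageUser", "canSeeEvents", "canEditEvents", "canDeleteEvents", "isLottoOfficial", "canPlayLotto", "isOfficial", "isAdmin", "isAccountant");
        foreach ($permissions as $perm) {
            // Only an administrator may grant or revoke administrator status.
            if ($perm == "isAdmin" && !$MySelf->isAdmin()) {
                continue;
            }
            $state = ($_POST[$perm] == "on") ? "1" : "0";
            $DB->query("UPDATE users SET {$perm} = ? WHERE id = ?", array($state, $ID));
        }
    }

    makeNotice("User data has been updated. {$ADD}", "notice", "User updated", "index.php?action=edituser&id={$ID}", "[OK]");
}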
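/**
 * Verify a user's login (name + password) and, on success, load the user's
 * record into the session.
 *
 * @param object &$session session object (trace(), setUserData(), setMacros())
 * @param string $user     login name
 * @param string $code     password as entered; hashed with encryptPassword()
 *                         before comparison
 * @return string '' on success; otherwise a (German) message: unknown user,
 *                wrong password, or locked account
 *
 * Changes versus the previous revision:
 *  - The password check was `$rc = true || strcmp(...) == 0 ? 0 : 2;`, which
 *    by precedence is `(true || ...) ? 0 : 2` and therefore always 0: every
 *    password was accepted for every known user. It now compares the hashes.
 *  - The record is fetched by the id dbUserId() already resolved instead of
 *    interpolating the raw login name into the SQL (`where name="$user"`),
 *    which was injectable. This assumes `id` is numeric, as its use as the
 *    session user id suggests — confirm if ids are ever non-numeric.
 *
 * NOTE(review): two pre-existing gaps are left as they were, since each
 * needs a product decision rather than a silent change: an empty stored
 * password (`$fields[1] == ''`) still logs the user in without any check,
 * and the `locked` column (fields[3]) is selected and a message exists for
 * rc 3, but nothing ever sets rc 3.
 */
function dbCheckUser(&$session, $user, $code) {
    global $session_user;
    $session->trace(TC_Db1, 'dbCheckUser');

    $uid = dbUserId($session, $user);
    if (!$uid) {
        $rc = 1; // unknown user
    } else {
        $fields = dbSingleRecord($session,
            'select id,code,rights,locked,theme,width,height,maxhits,postingsperpage,'
            . 'threadsperpage,startpage from ' . dbTable($session, "user")
            . ' where id=' . (int) $uid . ';');
        if ($fields == null) {
            $rc = 1;
        } elseif ($fields[1] == '') {
            // Account without a stored password: accepted as-is (pre-existing behaviour).
            $rc = 0;
        } else {
            $code = encryptPassword($session, $user, $code);
            // 0 = hashes match, 2 = wrong password.
            $rc = (strcmp($code, $fields[1]) === 0) ? 0 : 2;
        }
    }

    switch ($rc) {
        case 1:
            $rc = "Nicht definiert: {$user}";
            break;
        case 2:
            $rc = "Passwort nicht korrekt!";
            break;
        case 3:
            $rc = "Benutzer gesperrt!";
            break;
        default:
            // Success: publish the record to the session.
            $rc = '';
            $session_user = $fields[0];
            $session->setUserData($session_user, $user, $fields[2], $fields[4], $fields[5], $fields[6], $fields[7], $fields[8], $fields[9], $fields[10]);
            $session->setMacros();
            break;
    }
    return $rc;
}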
$response = select_from_table('person', 'idPerson', $params); //echo $response; $response = json_decode($response, true); if (!empty($response)) { $id = $response[0]['idPerson']; } } //If ID is not set, then exit with message if (!isset($id)) { echo "E-Mail {$email} does not exist"; } //Create a random password $password = generateRandomString('5'); echo $password; //Hash the password provided $hash = encryptPassword($password); //Save new password for user //If already exists, then update password and if not insert record $params = array(); $response = null; $params = add_where('idPerson', $id, $params); $response = select_from_table('password', 'idPerson', $params); //echo $response; if (empty(json_decode($response, true))) { //Insert $record = array(); $records = array(); $record = add_field('idPerson', $id, $record); $record = add_field('password', $hash, $record); $record = add_field('misses', "0", $record); $record = add_field('locked', "0", $record);
$sContents = str_replace("#xmlUrl#", $sRayXmlUrl, $sContents); $sContents = str_replace("#desktopUrl#", $sModulesUrl . $sModule . "/", $sContents); break; case 'userAuthorize': $sResult = loginUser($sId, $sPassword); $sContents = parseXml($aXmlTemplates['result'], $sResult == TRUE_VAL ? TRUE_VAL : "msgUserAuthenticationFailure"); if ($sResult == TRUE_VAL) { $sContents .= parseXml($aXmlTemplates['status'], getUserStatus($sId)); $sContents .= getAvailableStatuses(); saveUsers(array('online' => array(), 'offline' => array())); } break; case 'login': $sContents = parseXml($aXmlTemplates['result'], "msgUserAuthenticationFailure", FAILED_VAL); $sId = getIdByNick($sNick); $sPassword = encryptPassword($sId, $sPassword); if (loginUser($sNick, $sPassword, true) == TRUE_VAL) { $aUserInfo = getUserInfo($sId); login($sId, $sPassword); $sContents = parseXml($aXmlTemplates['result'], $sId, SUCCESS_VAL, $sPassword); } break; case 'logout': logout($sId); $sContents = parseXml($aXmlTemplates['result'], "", SUCCESS_VAL); break; case "getUsers": $bInit = true; case "updateUsers": if (!isset($bInit)) { $bInit = false;
/**
 * Render one view of the maintenance/rescue tool and, for the action views,
 * perform the action.
 *
 * $renderType selects the branch: 'passwordForm' (gl_password login form),
 * 'handleRequest' (a single-column UPDATE driven by $args plus $_POST, then a
 * meta-refresh redirect), 'updateConfigs' (stores serialize($_POST[...]) for
 * every name in $configs), 'updateEmail' (resets the password of uid 2 and
 * mails it), 'phpinfo', and 'options' (the menu whose forms post back into
 * the branches above). $args carries view-specific values (result,
 * statusMessage, incorrectPassword, operation, table, field, where); how it is
 * parsed from the request is not visible in this block, but the hidden
 * "args" form fields below show it originates from the client.
 *
 * Output is written directly (mixed HTML/PHP); several branches exit().
 * The NOTE(review) comments inside mark the injection and escaping issues.
 */
function render($renderType, $args = array()) { global $_TABLES, $self, $configs, $LANG_CHARSET, $LANG_DIRECTION, $lang; header('Content-Type: text/html; charset=' . $LANG_CHARSET); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html dir="<?php echo isset($LANG_DIRECTION) ? $LANG_DIRECTION : 'ltr'; ?> "> <head> <title><?php e(1); ?> </title> <?php printHtmlStyle(); ?> <?php printJs(); ?> </head> <body> <div class="main center"> <div class="header-navigation-container"> <div class="header-navigation-line"> <a href="index.php" class="header-navigation"><?php e(2); ?> </a> <?php echo langSelector(); ?> </div> </div> <h1><?php e(3); ?> </h1> <div class="box important"> <p><?php e(4); ?> </p> </div> <?php if (!empty($args['statusMessage'])) { ?> <div class="box <?php echo trim($args['result']); ?> "> <strong><?php e(5); ?> :</strong> <?php /* NOTE(review): $args comes from the request (the args= query parameter the redirects below build, and the hidden "args" form fields) and is echoed without htmlspecialchars() — reflected XSS; the same applies to trim($args['result']) in the class attribute just above. */ echo $args['statusMessage']; ?> </div> <?php } ?> <?php if ($renderType == 'passwordForm') { ?> <h2><?php e(6); ?> </h2> <div class="password_form"> <div class="box"> <span class="message"><?php e(7); ?> </span> <form id="loginForm" method="post"> <?php e(8); ?> :<input type="password" name="gl_password" /> <script type="text/javascript"> document.getElementById('loginForm')['gl_password'].focus(); </script> <input type="submit" value="<?php e(9); ?> " onclick="this.disabled=true;this.form.submit();" /> <input type="hidden" name="lang" value="<?php echo $lang; ?> " /> </form> <?php if (!empty($args['incorrectPassword'])) { ?> <div class="error"> <?php e(10); ?> </div> <?php } ?> </div> </div> <?php } elseif ($renderType == 'handleRequest') { /* NOTE(review): SQL injection. operation, field and where come straight from $args (client-supplied, see the hidden "args" inputs in the options view), table is only constrained by being a key of $_TABLES, and value/target come from $_POST; all are sprintf'ed into the statement with no escaping or whitelisting, so an arbitrary statement can be run. Fix: hard-code the operation to UPDATE, validate table/field/where against a fixed map, and escape value/target (DB_escapeString) or bind them. */ $sql = sprintf("%s %s SET %s = '%s' WHERE %s = '%s'", $args['operation'], $_TABLES[$args['table']], $args['field'], trim($_POST['value']), $args['where'], trim($_POST['target'])); $enable = trim($_POST['value']) ? s(11) : s(12); $success = DB_query($sql) ? s(13) : s(14); $url = $self . '?view=options&args=result:' . 
urlencode($success) . '|statusMessage:' . urlencode($success . $enable . trim($_POST['target'])) . '&lang=' . urlencode($lang); echo "<html><head><meta http-equiv=\"refresh\" content=\"0; URL={$url}\"></head></html>" . LB; ?> <?php } elseif ($renderType == 'updateConfigs') { foreach ($configs as $config) { /* NOTE(review): serialize($_POST[$config]) is interpolated unescaped — a quote in a posted value breaks the statement (SQL injection); escape it before building the string. $config itself comes from the fixed $configs list. */ $sql = sprintf("UPDATE %s SET value = '%s' WHERE name = '%s'", $_TABLES['conf_values'], serialize($_POST[$config]), $config); if (DB_query($sql)) { continue; } else { $url = $self . '?view=options&args=result:error|statusMessage:' . urlencode(s(15)) . '&lang=' . urlencode($lang); echo "<html><head><meta http-equiv=\"refresh\" content=\"0; URL={$url}\"></head></html>" . 'LB'; /* NOTE(review): 'LB' is a string literal here (the page ends with the text "LB"), unlike the LB constant used by the other redirects; same two lines below. */ exit; } } $url = $self . '?view=options&args=result:success|statusMessage:' . urlencode(s(16)) . '&lang=' . urlencode($lang); echo "<html><head><meta http-equiv=\"refresh\" content=\"0; URL={$url}\"></head></html>" . 'LB'; ?> <?php } elseif ($renderType == 'updateEmail') { /* NOTE(review): the replacement password for uid 2 is md5(rand()) truncated to 8 hex characters — rand() is a predictable PRNG and the result carries at most 32 bits of entropy; derive it from random_bytes()/openssl_random_pseudo_bytes() instead. It is then mailed in plaintext to the stored address. */ $passwd = rand(); $passwd = md5($passwd); $passwd = substr($passwd, 1, 8); $username = DB_getItem($_TABLES['users'], 'username', "uid = '2'"); $sql = sprintf("UPDATE %s SET passwd = '%s' WHERE username = '******'", $_TABLES['users'], encryptPassword($passwd), $username); if (!DB_query($sql)) { $url = $self . '?view=options&args=result:error|statusMessage:' . urlencode(s(17)) . '&lang=' . urlencode($lang); echo "<html><head><meta http-equiv=\"refresh\" content=\"0; URL={$url}\"></head></html>" . LB; exit; } $email = DB_getItem($_TABLES['users'], 'email', "uid = '2'"); $site_url = unserialize(DB_getItem($_TABLES['conf_values'], 'value', "name = 'site_url'")); $to = $email; $subject = s(18); $message = sprintf(' <html> <head> <title>' . s(19) . '</title> </head> <body> <p>' . s(20) . '</p> <p>' . s(21) . '</p> </body> </html> ', $passwd, $username, $site_url); $headers = 'MIME-Version: 1.0' . CRLB; $headers .= 'Content-type: text/html; charset=' . $LANG_CHARSET . CRLB; $headers .= 'X-Mailer: PHP/' . 
phpversion(); if (mail($to, $subject, $message, $headers)) { $url = $self . '?view=options&args=result:success|statusMessage:' . urlencode(s(22)) . '&lang=' . urlencode($lang); echo "<html><head><meta http-equiv=\"refresh\" content=\"0; URL={$url}\"></head></html>\n"; exit; } else { $url = $self . '?view=options&args=result:error|statusMessage:' . urlencode(s(23) . $subject) . '&lang=' . urlencode($lang); echo "<html><head><meta http-equiv=\"refresh\" content=\"0; URL={$url}\"></head></html>\n"; exit; } ?> <?php } elseif ($renderType == 'phpinfo') { /* NOTE(review): phpinfo() discloses configuration, paths and environment; acceptable only because the tool is gated by the gl_password form — confirm that gate is enforced before this branch is reachable. */ ?> <h2><?php e(24); ?> </h2> <ul><li><a href="javascript:self.location.href='<?php echo $self . '?lang=' .urlencode($lang); ?> ';"> <?php e(25); ?> </a></li></ul> <div class="info"> <?php phpinfo(); ?> </div> <ul><li><a href="javascript:self.location.href='<?php echo $self . '?lang=' . urlencode($lang); ?> ';"> <?php e(25); ?> </a></li></ul> <?php } elseif ($renderType == 'options') { ?> <h2><?php e(26); ?> </h2> <div class="info"> <ul> <li><?php e(27); ?> : <?php echo phpversion(); ?> <a href="<?php echo $self; ?> ?view=phpinfo<?php echo '&lang=' . 
urlencode($lang); ?> "> <small>phpinfo</small></a></li> <li><?php e(28); ?> <?php echo VERSION; ?> </li> </ul> </div> <h2><?php e(29); ?> </h2> <p style="margin-left:5px;"><?php e(30); ?> </p> <ul class="option"> <li><a href="javascript:toggle('plugins')"><?php e(31); ?> </a></li> <li><a href="javascript:toggle('blocks')"><?php e(32); ?> </a></li> <li><a href="javascript:toggle('conf')"><?php e(33); ?> </a></li> <li><a href="javascript:toggle('pass')"><?php e(34); ?> </a></li> </ul> <div id="plugins" name="options" class="box option" style="display: none;"> <h3><?php e(35); ?> </h3> <form id="plugin-operator" method="post"> <select name="target" onchange="toggleRadio(this.options[this.selectedIndex].getAttribute('class') == 'disabled', this.form.elements['value']);"> <option selected="selected" value=""><?php e(36); ?> </option> <?php $result = DB_query("SELECT * FROM {$_TABLES['plugins']}"); while ($A = DB_fetchArray($result)) { $class = $A['pi_enabled'] == 0 ? 'class="disabled"' : ''; echo '<option ' . $class . ' value="' . $A['pi_name'] . '">' . $A['pi_name'] . '</option>' . 
"\n"; } ?> </select> <input type="radio" name="value" id="enable_plugin" value="1" /><label for="enable_plugin"><?php e(37); ?> </label> <input type="radio" name="value" id="disable_plugin" value="0" checked="checked" /><label for="disable_plugin"><?php e(38); ?> </label><br /> <input type="hidden" name="view" value="handleRequest" /> <input type="hidden" name="args" value="operation:UPDATE|table:plugins|field:pi_enabled|where:pi_name" /> <input type="submit" value="<?php e(41); ?> " onclick="this.disabled=true;this.form.submit();" /> </form> <p> </p> </div> <div id="blocks" name="options" class="box option" style="display: none;"> <h3><?php e(39); ?> </h3> <form id="block-operator" method="post"> <select name="target" onchange="toggleRadio(this.options[this.selectedIndex].getAttribute('class') == 'disabled', this.form.elements['value']);"> <option selected="selected" value=""><?php e(40); ?> </option> <?php $result = DB_query("SELECT * FROM {$_TABLES['blocks']}"); while ($A = DB_fetchArray($result)) { $class = $A['is_enabled'] == 0 ? 'class="disabled"' : ''; echo '<option ' . $class . ' value="' . $A['name'] . '">' . $A['title'] . '</option>' . "\n"; } ?> </select> <input type="radio" name="value" id="enable_block" value="1" /><label for="enable_block"><?php e(37); ?> </label> <input type="radio" name="value" id="disable_block" value="0" checked="checked" /><label for="disable_block"><?php e(38); ?> </label><br /> <input type="hidden" name="table" value="blocks" /> <input type="hidden" name="view" value="handleRequest" /> <input type="hidden" name="args" value="operation:UPDATE|table:blocks|field:is_enabled|where:name" /> <input type="submit" value="<?php e(41); ?> " onclick="this.disabled=true;this.form.submit();" /> </form> <p> </p> </div> <div id="conf" name="options" class="box option" style="display: none;"> <h3><?php e(42); ?> </h3> <form id="config-operator" method="post" action="<?php echo $self . '?view=updateConfigs' . '&lang=' . 
urlencode($lang); ?> " /> <?php foreach ($configs as $config) { /* $config is taken from the fixed $configs list, not from the request. */ $sql = "SELECT value FROM {$_TABLES['conf_values']} WHERE name ='{$config}' LIMIT 1"; $res = DB_query($sql); $row = DB_fetchArray($res); ?> <fieldset><legend><?php echo $config; ?> :</legend><input type="text" size="80" id="<?php echo $config; ?> " name="<?php echo $config; ?> " value="<?php /* NOTE(review): the stored value is echoed into an attribute without htmlspecialchars(); a stored value containing a quote breaks out of the attribute (stored XSS). It is also unserialize()d from the database — a JSON encoding would avoid object instantiation on tampered rows. */ echo unserialize($row['value']); ?> " /></fieldset> <?php } ?> <input type="submit" value="<?php e(41); ?> " onclick="this.disabled=true;this.form.submit();" /> </form> <p> </p> </div> <div id="pass" name="options" class="box option" style="display: none;"> <h3><?php e(43); ?> </h3> <form id="config-operator" method="post" action="<?php echo $self . '?view=updateEmail' . '&lang=' . urlencode($lang); ?> " /> <input type="submit" value="<?php e(44); ?> " onclick="this.disabled=true;this.form.submit();" /> </form> <p> </p> </div> <?php } ?> <div class="box important"> <p><?php e(4); ?> </p> </div> </div> </body> </html> <?php }
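/**
 * Handle a self-service account request submitted from the sign-up form.
 *
 * Reads `username` and `email` from $_POST. The very first account ever
 * created becomes the superuser with every permission flag set and gets its
 * password by e-mail; every later request creates an unconfirmed account and
 * mails an activation link.
 *
 * All validation failures are reported through makeNotice(), which the
 * surrounding code relies on to end the request; this function returns
 * nothing.
 *
 * Globals read: $DB, $MySelf, $TIMEMARK, $MB_EMAIL, $SITENAME, $URL, $VERSION.
 */
function requestAccount()
{
    // globals
    global $DB;
    global $MySelf;
    global $TIMEMARK;
    global $MB_EMAIL;

    // Generate the initial password from a CSPRNG: rand() is predictable and
    // must not be used for credentials. The base64-of-12-digits shape of the
    // original is kept so the password looks the same to users.
    // These bounds need a 64-bit PHP build (random_int() takes ints only).
    $PASSWORD = base64_encode((string) random_int(111111111111, 999999999999));
    $PASSWORD_ENC = encryptPassword($PASSWORD);

    // Sanitize the input. The array key is quoted: a bare `username` is an
    // undefined constant, which is a fatal Error on PHP 8.
    $rawUsername = (string) ($_POST['username'] ?? '');
    $NEW_USER = strtolower(sanitize($rawUsername)); // supplied new username.

    // Lets prevent adding multiple users with the same name.
    if (userExists($NEW_USER)) {
        makeNotice("Your account was not created because there is already an account with the same username. Please pick another. " . "If you forgot your password, please use the password recovery link on the login page.", "error", "Account not created");
    }

    // So we have a username?
    if (strlen($rawUsername) < 3) {
        makeNotice("Your username must be longer than 3 letters.", "error", "Invalid Username");
    }

    // Let me rephrase: Do we have a VALID username?
    if (!ctypeAlnum($rawUsername)) {
        makeNotice("Only characters a-z, A-Z, 0-9 and spaces are allowed as username.", "error", "Invalid Username");
    }

    // So we have an email address?
    $NEW_EMAIL = '';
    if (empty($_POST['email'])) {
        // We dont!
        makeNotice("You need to supply an email address!", "error", "Account not created");
    } else {
        // We do. Clean it.
        $NEW_EMAIL = sanitize($_POST['email']);
        // Valid one, too?
        if (!checkEmailAddress($NEW_EMAIL)) {
            makeNotice("You need to supply a valid email address!", "error", "Account not created");
        }
    }

    // Is it the very first account? Ask the database for the count instead of
    // fetching every user row just to call numRows() on it.
    $countDS = $DB->query("SELECT COUNT(*) AS count FROM users");
    $countRow = $countDS->fetchRow();
    if ((int) $countRow['count'] === 0) {
        // First account: superuser with every flag set. The three leading
        // values are name/password/email; the remaining 29 columns
        // (addedby … rank) are all set to 1, as before.
        $temp = $DB->query("INSERT INTO `users` (`username`, `password`, `email`, `addedby`," . " `lastlogin`, `confirmed`, `emailvalid`, `emailcode`, `optIn`, `canLogin`," . " `canJoinRun`, `canCreateRun`, `canCloseRun`, `canDeleteRun`, `canAddHaul`," . " `canChangePwd`, `canChangeEmail`, `canChangeOre`, `canAddUser`, `canSeeUsers`," . " `canDeleteUser`, `canEditRank`, `canManageUser`, `canEditEvents`, `canDeleteEvents`," . " `canSeeEvents`, `isOfficial`, `isLottoOfficial`, `isAccountant`, `preferences`, `isAdmin`, `rank`) " . "VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)", array_merge(array(stripcslashes($NEW_USER), $PASSWORD_ENC, $NEW_EMAIL), array_fill(0, 29, 1)));

        // Check for success, catch database errors. gettype() only ever
        // returns "object" for an error object, so the original string
        // comparison could never detect one; instanceof does.
        if (!($temp instanceof DB_Error) && $DB->affectedRows() == 1) {
            // Success! New superuser created, send a confirmation email.
            global $VERSION;
            $email = "Superuser information: Username " . stripcslashes($NEW_USER) . ", Password {$PASSWORD} - change this as soon as possible!";
            $headers = "From:" . $MB_EMAIL;
            mail("{$NEW_EMAIL}", "Superuser login information (" . $VERSION . ")", $email, $headers);
            // Inform the user (username rendered the same way as in the e-mail body).
            makeNotice("New Superuser created:<br>Username: " . stripcslashes($NEW_USER) . "<br>Password: {$PASSWORD}");
        } else {
            // Something went wrong!
            makeNotice("Failed creating the superuser!<br><br>" . $temp->getMessage(), "error", "Database Error!");
        }
    } else {
        // Lets avoid multiple accounts per email address! The address is bound
        // as a parameter rather than interpolated into the statement.
        $otherAccsDS = $DB->query("SELECT COUNT(email) AS count FROM users WHERE email = ?", array($NEW_EMAIL));
        $otherAccs = $otherAccsDS->fetchRow();
        if ((int) $otherAccs['count'] > 0) {
            makeNotice("There is already an account with your supplied eMail address. If you lost " . "your password please use the password recovery feature.", "error", "Account not requested", "index.php", "[cancel]");
        }

        // The activation code is the secret in the activation URL, so it must
        // come from a CSPRNG as well (same numeric range as before).
        $CODE = random_int(111111111111, 9999999999999);

        // Inser the new user into the database!
        $DB->query("insert into users (username, password, email, " . "addedby, emailcode) " . "values (?, ?, ?, ?, ?)", array(stripcslashes($NEW_USER), "{$PASSWORD_ENC}", "{$NEW_EMAIL}", $MySelf->getID(), "{$CODE}"));

        // Were we successful?
        if ($DB->affectedRows() == 0) {
            // No!
            makeNotice("Could not create user!", "error");
        } else {
            // Load more globals
            global $SITENAME;
            global $URL;
            global $VERSION;
            // Assemble the activation url.
            $ACTIVATE = $URL . "/index.php?action=activate&code={$CODE}";
            // Send a confirmation email
            $EMAIL = getTemplate("accountrequest", "email");
            $EMAIL = str_replace("{{IP}}", "{$_SERVER['REMOTE_ADDR']}", $EMAIL);
            $EMAIL = str_replace("{{URL}}", "{$URL}", $EMAIL);
            $EMAIL = str_replace("{{DATE}}", date("r", $TIMEMARK), $EMAIL);
            $EMAIL = str_replace("{{ACTIVATE}}", "{$ACTIVATE}", $EMAIL);
            $EMAIL = str_replace("{{CORP}}", "{$SITENAME}", $EMAIL);
            $headers = "From:" . $MB_EMAIL;
            mail($NEW_EMAIL, $VERSION, $EMAIL, $headers);
            makeNotice("A confirmation email has been sent to your supplied email address.<br>Please follow the instructions therein.", "notice", "Account created");
        }
    }
}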
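/**
 * Process the submitted account form: create a user, change the current
 * user's data, or select another user.
 *
 * The form fields arrive as globals ($account_*, register_globals style);
 * that is how the original is written and is kept for compatibility. Builds
 * a status message and hands it to baseAccount() for rendering.
 *
 * @param object $session  application session (trace(), fUserRights); by reference as in the original
 * @param string $user     current user name; not used beyond the signature
 */
function baseAccountAnswer(&$session, $user)
{
    global $account_user, $account_code, $account_code2, $account_email, $account_rights, $account_locked, $account_new, $account_change, $account_name, $account_other, $account_user2, $account_theme, $account_width, $account_height, $account_maxhits, $account_startpage, $account_startpageoffer;
    $session->trace(TC_Gui1, 'baseAccountAnswer');
    $message = '';
    // The entered password is hashed up front; it is only stored in the
    // "change" branch when a new one was actually entered.
    $code = encryptPassword($session, $account_user, $account_code);
    $locked = dbSqlString($session, !empty($account_locked));
    if (!empty($account_startpageoffer)) {
        $account_startpage = $account_startpageoffer;
    }
    if (isset($account_new)) {
        if ($account_user2 == '') {
            $message = '+++ Kein Benutzername angegeben';
        } elseif (dbGetValueByClause($session, T_User, 'count(*)', 'name=' . dbSqlString($session, $account_user)) > 0) {
            // '.' instead of '+': string '+' coerced both operands to numbers,
            // so the WHERE clause became "0" and this duplicate check never
            // fired (PHP 8 throws a TypeError instead).
            // NOTE(review): the lookup uses $account_user while the name being
            // created is $account_user2 — confirm which one is intended.
            $message = '+++ Name schon vorhanden: ' . $account_user2;
        } else {
            $uid = dbUserAdd($session, $account_user2, $code, $session->fUserRights, dbSqlString($session, false), $account_theme, $account_width, $account_height, $account_maxhits, $account_startpage, $account_email);
            modUserStoreData($session, true, $uid);
            $message = "Benutzer {$account_user2} wurde angelegt. ID: " . $uid;
        }
    } elseif (isset($account_change)) {
        if (!empty($account_code) && $account_code != $account_code2) {
            $message = '+++ Passwort stimmt mit Wiederholung nicht überein';
        } elseif (!($uid = dbUserId($session, $account_user)) || empty($uid)) {
            $message = '+++ unbekannter Benutzer: ' . $account_name;
        } elseif (($message = modUserCheckData($session, true, $uid)) != null) {
            // modUserCheckData() returned an error text; it is shown as-is.
        } else {
            if (empty($account_theme)) {
                $account_theme = Theme_Standard;
            }
            $what = 'rights=' . dbSqlString($session, $account_rights) . ',locked=' . $locked . ',';
            if (!empty($account_code)) {
                $what .= 'code=' . dbSqlString($session, $code) . ",";
            }
            // theme and width used to be interpolated raw into the SET clause;
            // theme now goes through dbSqlString() like the other text values
            // and width is forced numeric like height and maxhits.
            $what .= 'theme=' . dbSqlString($session, $account_theme) . ',width=' . (0 + $account_width) . ',' . 'height=' . (0 + $account_height) . ',maxhits=' . (0 + $account_maxhits) . ',startpage=' . dbSqlString($session, $account_startpage) . ',email=' . dbSqlString($session, $account_email) . ',';
            dbUpdate($session, T_User, $uid, $what);
            modUserStoreData($session, false, $uid);
            $message = 'Daten für ' . $account_user . ' (' . $uid . ') wurden geändert';
        }
    } elseif ($account_other) {
        if (empty($account_user2)) {
            $message = '+++ kein Benutzername angegeben';
        } elseif (!dbUserId($session, $account_user2)) {
            $message = '+++ Unbekannter Benutzer: ' . $account_user2;
        }
    } else {
        $message = 'keine Änderung';
    }
    baseAccount($session, $message);
}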
<?php
// The client hashes the password before sending it to the server; the server
// hashes the received value again before storing it (used for payment
// passwords, ordinary login passwords, password changes, registration, etc.).

/**
 * Client-side password transformation: md5(strrev(md5($password)) . 'paf').
 *
 * @param string $password clear-text password
 * @return string 32-character lowercase hex digest
 */
function encryptPassword($password)
{
    $innerDigest = md5($password);
    $saltedInput = strrev($innerDigest) . 'paf';
    // NOTE(review): MD5 is a fast, unsalted digest rather than a
    // password-hashing function; the server-side step should use
    // password_hash() (or similar) before the value is stored.
    return md5($saltedInput);
}

// The password-comparison page uses the same algorithm.

/**
 * Server-side step: re-hash the client digest before it is stored.
 * Not implemented in this snippet; returns null.
 *
 * @param string $password digest received from the client
 */
function encryptPasswordDb($password)
{
    // Re-hash the already-hashed string for storage.
}

echo encryptPassword('aaz123456');
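/**
 * Issue a new random password for a user and mail it to the address on record.
 *
 * Two entry points: with an empty $user it serves the "lost password" form
 * and expects `username` and `email` in $_POST; with a username it looks up
 * that user's e-mail itself. $reason is accepted for compatibility but not
 * used here.
 *
 * Validation failures go through makeNotice(), which the surrounding code
 * relies on to end the request.
 *
 * Globals read: $DB, $VERSION, $SITENAME, $MB_EMAIL.
 *
 * @param string $user   username to reset, or "" to read the form fields
 * @param string $reason unused
 */
function lostPassword($user = "", $reason = "lost")
{
    // load the globals.
    global $DB;
    global $VERSION;
    global $SITENAME;
    global $MB_EMAIL;

    if (empty($user)) {
        // Has the user entered both username and email in the form?
        $formUsername = (string) ($_POST['username'] ?? '');
        $formEmail = (string) ($_POST['email'] ?? '');
        if ($formUsername === "" || $formEmail === "") {
            // no!
            makeNotice("You need to enter both an username and eMail!", "error");
        }
        // Sanitize
        // NOTE(review): sanitize() is treated here as an input cleaner, not a
        // SQL escaper; if it adds slashes, strip them before binding — confirm.
        $POST_USERNAME = sanitize($formUsername);
        $POST_EMAIL = sanitize($formEmail);
    } else {
        // Look up the email address for the user. The username is bound as a
        // parameter, and the row is read back directly instead of indexing a
        // getAssoc() result by the caller's (not yet lowercased) $user.
        $POST_USERNAME = strtolower(sanitize("{$user}"));
        $lookup = $DB->query("select username, email from users where username=? AND deleted='0' limit 1", array($POST_USERNAME));
        $lookupRow = $lookup->fetchRow();
        $POST_EMAIL = $lookupRow ? $lookupRow['email'] : '';
    }

    // Fetch los resultos! Ole! (bound parameters, no interpolation)
    $results = $DB->query("select * from users where username=? and email=? AND deleted='0' limit 1", array($POST_USERNAME, $POST_EMAIL));

    // Have we hit something?
    if ($results->numRows() == "0") {
        // No! No such user!
        makeNotice("No such record or username and/or eMail wrong!", "error");
    }

    // Create random new pass. random_int() replaces rand(), which is not
    // suitable for credentials; the base64-of-decimal shape is kept.
    // These bounds need a 64-bit PHP build.
    $newpass = base64_encode((string) random_int(1111111111, 9999999999));
    $newpass_crypt = encryptPassword($newpass);

    // Fill the template.
    $to = '';
    $email = '';
    while ($row = $results->fetchRow()) {
        // An empty/absent flag counts as "not confirmed"; the int cast keeps
        // the PHP 7 loose-comparison result on PHP 8 as well.
        if ((int) $row['confirmed'] === 0) {
            makeNotice("Your account has not yet been confirmed by your CEO yet!", "error");
        }
        $email = getTemplate("lostpass", "email");
        $email = str_replace("{{USERNAME}}", $row['username'], $email);
        $email = str_replace("{{IP}}", $_SERVER['REMOTE_ADDR'], $email);
        $email = str_replace("{{VERSION}}", $VERSION, $email);
        $email = str_replace("{{SITENAME}}", $SITENAME, $email);
        $email = str_replace("{{NEWPASS}}", $newpass, $email);
        // Remember the email. We dont want to use the supplied one.
        $to = $row['email'];
    }

    // Set the new password into the database.
    $DB->query("update users set password = ? where username=? and email=?", array($newpass_crypt, $POST_USERNAME, $POST_EMAIL));

    // mail it.
    $headers = "From:" . $MB_EMAIL;
    if ("{$to}" == "") {
        makeNotice("Internal Error: No valid email found in lostPassword!", "error");
    } else {
        mail($to, $VERSION, $email, $headers);
    }

    // print success page.
    if (empty($user)) {
        makeNotice("A new password has been mailed to you.", "notice", "Password sent");
    }
}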
$net2ftp_globals["username"] = validateUsername($_POST["username"]); } elseif (isset($_GET["username"]) == true) { $net2ftp_globals["username"] = validateUsername($_GET["username"]); } else { $net2ftp_globals["username"] = validateUsername(""); } $net2ftp_globals["username_html"] = htmlEncode2($net2ftp_globals["username"]); $net2ftp_globals["username_url"] = urlEncode2($net2ftp_globals["username"]); $net2ftp_globals["username_js"] = javascriptEncode2($net2ftp_globals["username"]); // ---------------------------------------------- // Password // ---------------------------------------------- // From login form if (isset($_POST["password"]) == true) { $net2ftp_globals["password_encrypted"] = encryptPassword(trim($_POST["password"])); $_SESSION["net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"]] = encryptPassword(trim($_POST["password"])); $_SESSION["net2ftp_session_id_old"] = $_SESSION["net2ftp_session_id_new"]; } elseif (isset($_GET["password_encrypted"]) == true) { $net2ftp_globals["password_encrypted"] = trim($_GET["password_encrypted"]); $_SESSION["net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"]] = trim($_GET["password_encrypted"]); $_SESSION["net2ftp_session_id_old"] = $_SESSION["net2ftp_session_id_new"]; } // ---------------------------------------------- // Language // ---------------------------------------------- if (isset($_POST["language"]) == true) { $net2ftp_globals["language"] = validateLanguage($_POST["language"]); } elseif (isset($_GET["language"]) == true) { $net2ftp_globals["language"] = validateLanguage($_GET["language"]); } else { $net2ftp_globals["language"] = validateLanguage("");
$path = str_replace(chr(0), '', $path); // prevent go out of the workspace while (strpos($path, '../') !== false) { $path = str_replace('../', '', $path); } return $path; } ////////////////////////////////////////////////////////////////////// // Verify no overwrites ////////////////////////////////////////////////////////////////////// if (!file_exists($users) && !file_exists($projects) && !file_exists($active)) { ////////////////////////////////////////////////////////////////// // Get POST responses ////////////////////////////////////////////////////////////////// $username = cleanUsername($_POST['username']); $password = encryptPassword($_POST['password']); $project_name = $_POST['project_name']; if (isset($_POST['project_path'])) { $project_path = $_POST['project_path']; } else { $project_path = $project_name; } $timezone = $_POST['timezone']; ////////////////////////////////////////////////////////////////// // Create Projects files ////////////////////////////////////////////////////////////////// $project_path = cleanPath($project_path); if (!isAbsPath($project_path)) { $project_path = str_replace(" ", "_", preg_replace('/[^\\w-\\.]/', '', $project_path)); mkdir($workspace . "/" . $project_path); } else {
$login = $_POST['login']; $email = $_POST['email']; include "connect.php"; $result = mysql_query("SELECT * FROM {$db_table} WHERE {$db_columnUser}='{$login}'") or die("Запрос к базе завершился ощибкой."); $myrow = mysql_fetch_array($result); if (empty($myrow[$db_columnId]) or $myrow[$db_columnId] == '') { $err = "Акаунт <b>" . $login . "</b> не существует или введен неправильный e-mail."; } else { if (empty($myrow[$db_columnEmail]) or $myrow[$db_columnEmail] == '') { $err = "У акаунта <b>" . $login . "</b> не установлен e-mail для востановления пароля."; } else { if ($myrow[$db_columnEmail] == $email) { $datenow = date('YmdHis'); $new_password = md5($datenow); $new_password = substr($new_password, 2, 6); $new_password_sh = encryptPassword($new_password); mysql_query("UPDATE {$db_table} SET {$db_columnPass}='{$new_password_sh}' WHERE {$db_columnUser}='{$login}'") or die("Запрос к базе завершился ощибкой."); $message = "Здравствуйте, " . $login . "! \nВаш новый пароль: " . $new_password . " \nВы сможете войти на сайт используя его. После входа желательно его сменить."; mail($email, "Восстановление пароля", $message, "From: {$from} \r\n"); $info = 'На Ваш e-mail отправлено письмо с паролем. Вы будете перенаправлены на главную страницу через 5 секунд.'; echo '<br /><p class="ok">' . $info . '<br /></p>'; echo "<meta http-equiv='refresh'; content='5; url=index.php'> "; } else { $err = "Акаунт <b>" . $login . "</b> не существует или введен неправильный e-mail."; } } } } } } if (!empty($err)) {
/**
 * Generate a fresh password for a user, store its hash and mail the clear
 * text to the given address.
 *
 * @param object $session application session (trace(), passed on to the db helpers)
 * @param mixed  $id      user record id for dbUpdate()
 * @param string $user    user name (part of the password hash input)
 * @param string $email   recipient address
 */
function sendPassword(&$session, $id, $user, $email)
{
    $session->trace(TC_Util1, "sendPassword");
    $clearText = createPassword($session, 6);
    // Only the hashed code is written to the user record.
    $storedCode = dbSqlString($session, encryptPassword($session, $user, $clearText));
    dbUpdate($session, T_User, $id, 'code=' . $storedCode . ',');
    // NOTE(review): the clear-text password leaves the system by plain e-mail
    // and no From/Reply-To header is set — acceptable only if that is the
    // intended delivery channel.
    $subject = 'Deine Anmeldedaten für den Infobasar';
    $body = 'Es wurde ein neues Passwort erzeugt:' . "\n" . $clearText . "\n" . 'Bitte nach dem Anmelden das Passwort wieder ändern';
    mail($email, $subject, $body);
}
} if (strcmp($realPass, $checkPass) == 0) { if (!empty($_POST['newpass'])) { $newpass = $_POST['newpass']; $newrepass = $_POST['newrepass']; if (ereg("[^0-9a-zA-Z_-]", $newpass, $Txt)) { $err = "Новый пароль введен не корректно."; } elseif (ereg("[^0-9a-zA-Z_-]", $newrepass, $Txt)) { $err = "Повтор нового пароля введен не корректно."; } else { if (strlen($newpass) < 4 or strlen($newpass) > 15) { $err = "Новый пароль должен содержать не меньше 4 символов и не больше 15."; } elseif ($newpass != $newrepass) { $err = "Пароли не совпадают."; } else { $newpass = encryptPassword($newpass); mysql_query("UPDATE {$db_table} SET {$db_columnPass}='{$newpass}' WHERE {$db_columnId}='{$_SESSION['id']}'") or die("Запрос к базе завершился ощибкой."); $info = "Пароль успешно изменен."; echo '<br /><p class="ok">' . $info . '<br /></p>'; } } } if (!empty($_POST['email'])) { $email = $_POST['email']; if (!validatemail($email)) { $err = "E-mail введен не корректно."; } else { mysql_query("UPDATE {$db_table} SET {$db_columnEmail}='{$email}' WHERE {$db_columnId}='{$_SESSION['id']}'") or die("Запрос к базе завершился ощибкой."); $info = "E-mail успешно изменен."; echo '<br /><p class="ok">' . $info . '<br /></p>'; }
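/**
 * Process the submitted account form (create / change / select other user),
 * reading the form fields from $_POST.
 *
 * Builds a status message and hands it to baseAccount() for rendering.
 *
 * @param object $session  application session (trace()); by reference as in the original
 * @param string $user     current user name; not used beyond the signature
 */
function baseAccountAnswer(&$session, $user)
{
    $session->trace(TC_Gui1, 'baseAccountAnswer');
    $message = '';
    // The entered password is hashed up front; it is only stored in the
    // "change" branch when a new one was actually entered.
    $code = encryptPassword($session, $_POST['account_user'], $_POST['account_code']);
    $locked = dbSqlString($session, !empty($_POST['account_locked']));
    if (!empty($_POST['account_startpageoffer'])) {
        $_POST['account_startpage'] = $_POST['account_startpageoffer'];
    }
    if (isset($_POST['account_new'])) {
        if ($_POST['account_user2'] == '') {
            $message = '+++ Kein Benutzername angegeben';
        } elseif (dbGetValueByClause($session, T_User, 'count(*)', 'name=' . dbSqlString($session, $_POST['account_user'])) > 0) {
            // '.' instead of '+': string '+' coerced both operands to numbers,
            // so the WHERE clause became "0" and this duplicate check never
            // fired (PHP 8 throws a TypeError instead).
            // NOTE(review): the lookup uses account_user while the name being
            // created is account_user2 — confirm which one is intended.
            $message = '+++ Name schon vorhanden: ' . $_POST['account_user2'];
        } else {
            $uid = dbUserAdd($session, $_POST['account_user2'], $code, dbSqlString($session, false), $_POST['account_theme'], $_POST['account_width'], $_POST['account_height'], $_POST['account_maxhits'], $_POST['account_startpage'], $_POST['account_email']);
            modUserStoreData($session, true, $uid);
            $message = 'Benutzer ' . $_POST['account_user2'] . ' wurde angelegt. ID: ' . $uid;
        }
    } elseif (isset($_POST['account_change'])) {
        if (!empty($_POST['account_code']) && $_POST['account_code'] != $_POST['account_code2']) {
            $message = '+++ Passwort stimmt mit Wiederholung nicht überein';
        } elseif (!($uid = dbUserId($session, $_POST['account_user'])) || empty($uid)) {
            $message = '+++ unbekannter Benutzer: ' . $_POST['account_name'];
        } elseif (($message = modUserCheckData($session, true, $uid)) != null) {
            // modUserCheckData() returned an error text; it is shown as-is.
        } else {
            if (empty($_POST['account_theme'])) {
                $_POST['account_theme'] = Theme_Standard;
            }
            $what = 'locked=' . $locked . ',';
            if (!empty($_POST['account_code'])) {
                $what .= 'code=' . dbSqlString($session, $code) . ",";
            }
            // theme used to be pasted raw from $_POST into the SET clause; it
            // now goes through dbSqlString() like the other text values.
            $what .= 'theme=' . dbSqlString($session, $_POST['account_theme']) . ',width=' . (0 + $_POST['account_width']) . ',height=' . (0 + $_POST['account_height']) . ',maxhits=' . (0 + $_POST['account_maxhits']) . ',startpage=' . dbSqlString($session, $_POST['account_startpage']) . ',email=' . dbSqlString($session, $_POST['account_email']) . ',';
            dbUpdate($session, T_User, $uid, $what);
            modUserStoreData($session, false, $uid);
            $message = 'Daten für ' . $_POST['account_user'] . ' (' . $uid . ') wurden geändert';
        }
    } elseif (!empty($_POST['account_other'])) {
        if (empty($_POST['account_user2'])) {
            $message = '+++ kein Benutzername angegeben';
        } elseif (!dbUserId($session, $_POST['account_user2'])) {
            $message = '+++ Unbekannter Benutzer: ' . $_POST['account_user2'];
        }
    } else {
        $message = 'keine Änderung';
    }
    baseAccount($session, $message);
}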
// Mysql_num_row is counting table row $count = mysqli_num_rows($result); if ($count >= 1) { echo "registered"; } else { $_SESSION["newPhotographerEmail"] = $txtEmail; $_SESSION["newPhotographerPassword"] = $txtPassword; //Query for inserting record in photographer master. $insert_slq_photographer_master = "INSERT INTO {$table_photographer_master}\n\t\t(`{$field_photographer_email}`,\n\t\t\t`{$field_photographer_registered}`\n\t\t\t) VALUES (\n\t\t\t'{$txtEmail}', \n\t\t\tCURRENT_TIMESTAMP)"; //Performing the insert query in database mysqli_query($con, $insert_slq_photographer_master); //Extracting the variables from post. $txtPhotographerId = mysqli_insert_id($con); $_SESSION["newPhotgrapherId"] = $txtPhotographerId; //Creating the different salt $txtSalt = createSalt(); //Generating the encrypted password from password inserted by the user //and genereted salt. $txtHashPassword = encryptPassword($txtPassword, $txtSalt); //Query for inserting record in photographer login. $insert_sql_photographer_login = "******"; //Performing the insert query in database mysqli_query($con, $insert_sql_photographer_login); echo "nextStep"; } } //else { //setcookie("cookieEmail",$txtEmail); //setcookie("cookiePassword", $txtPassword); //header("location:photographerRegistration_step2.php"); //}
// Update Check //define("UPDATEURL", "http://update.codiad.com/?v={VER}&o={OS}&p={PHP}&w={WEB}&a={ACT}"); //define("ARCHIVEURL", "https://github.com/Codiad/Codiad/archive/master.zip"); //define("COMMITURL", "https://api.github.com/repos/Codiad/Codiad/commits"); '; saveFile($config, $config_data); ////////////////////////////////////////////////////////////////////// // Verify no overwrites ////////////////////////////////////////////////////////////////////// if (!file_exists($users) && !file_exists($projects) && !file_exists($active)) { ////////////////////////////////////////////////////////////////// // Get POST responses ////////////////////////////////////////////////////////////////// $username = cleanUsername("default"); $password = encryptPassword("default"); ////////////////////////////////////////////////////////////////// // Create Projects files ////////////////////////////////////////////////////////////////// $project_path = 'cloud-project'; $project_name = 'Cloud Project'; if (!isAbsPath($project_path)) { $project_path = str_replace(" ", "_", preg_replace('/[^\\w-\\.]/', '', $project_path)); mkdir($workspace . "/" . $project_path); } else { $project_path = cleanPath($project_path); if (substr($project_path, -1) == '/') { $project_path = substr($project_path, 0, strlen($project_path) - 1); } if (!file_exists($project_path)) { if (!mkdir($project_path . '/', 0755, true)) {
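/**
 * Verify a user's login and, on success, load the user into the session.
 *
 * Returns '' when the credentials are accepted (setSessionUser()/setUserData()
 * are called as a side effect), otherwise a German error text: unknown user,
 * wrong password, or locked account.
 *
 * @param object $session application session (trace(), setSessionUser(), setUserData())
 * @param string $user    login name as entered
 * @param string $code    password as entered (clear text)
 * @return string         '' on success, error text otherwise
 */
function dbCheckUser(&$session, $user, $code)
{
    $session->trace(TC_Db1, 'dbCheckUser');
    $fields = null;
    $uid = dbUserId($session, $user);
    if (!$uid) {
        $rc = 1;
    } else {
        // The name goes through dbSqlString() — the project's SQL literal
        // helper that the other query builders use (assumed to return a
        // quoted, escaped literal) — instead of being pasted in verbatim.
        $fields = dbSingleRecord($session, 'select id,code,locked,theme,width,height,maxhits,postingsperpage,' . 'threadsperpage,startpage from ' . dbTable($session, "user") . ' where name=' . dbSqlString($session, $user) . ';');
        if ($fields == null) {
            $rc = 1;
        } elseif ($fields[1] == '') {
            // NOTE(review): an empty stored code accepts any password. If this
            // stands for "no password set yet", confirm that is intended and
            // consider logging it.
            $rc = 0;
        } else {
            $code = encryptPassword($session, $user, $code);
            // NOTE(review): this trace writes both hashes to the trace output;
            // worth dropping outside debugging.
            $session->trace(TC_Db1, 'dbCheckUser akt/db: ' . $code . " / " . $fields[1]);
            // Constant-time comparison of the two hashes.
            $rc = hash_equals((string) $fields[1], (string) $code) ? 0 : 2;
        }
    } // $count != 0
    switch ($rc) {
        case 1:
            $rc = "Nicht definiert: {$user}";
            break;
        case 2:
            $session->trace(TC_Db1, 'dbCheckUser-4:' . $code . " / " . $fields[1]);
            $rc = "Passwort nicht korrekt!";
            break;
        case 3:
            // NOTE(review): nothing above assigns 3; the `locked` column is
            // selected ($fields[2]) but never evaluated, so locked accounts
            // are not rejected by this function.
            $rc = "Benutzer gesperrt!";
            break;
        default:
            $rc = '';
            $session->setSessionUser($fields[0]);
            #function setUserData ($id, $name, $theme, $width, $height,
            #  $maxhits, $postingsperpage, $threadsperpage, $startpage) {
            $session->setUserData($fields[0], $user, $fields[3], $fields[4], $fields[5], $fields[6], $fields[7], $fields[8], $fields[9]);
            break;
    }
    $session->trace(TC_Db1, 'dbCheckUser: rc="' . $rc . '"');
    return $rc;
}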
} else { $login_proverka = mysql_query("SELECT {$db_columnUser} FROM {$db_table} WHERE {$db_columnUser}='{$login}'") or "Запрос к базе завершился ощибкой."; if (mysql_num_rows($login_proverka)) { $err = "Акаунт <b>" . $login . "</b> уже существует."; } elseif (strlen($login) < 4 or strlen($login) > 8) { $err = "Логин должен содержать не меньше 4 символов и не больше 8."; } elseif (strlen($pass) < 4 or strlen($pass) > 15) { $err = "Пароль должен содержать не меньше 4 символов и не больше 15."; } elseif (strlen($repass) < 4 or strlen($repass) > 15) { $err = "Повтор пароля должен содержать не меньше 4 символов и не больше 15."; } elseif ($pass != $repass) { $err = "Пароли не совпадают."; } elseif (!chk_crypt($_POST['captcha'])) { $err = "Каптча введена не верно!"; } else { $cp = encryptPassword($pass); if (!empty($email)) { mysql_query("INSERT INTO {$db_table} ({$db_columnUser},{$db_columnPass},{$db_columnEmail},{$db_columnRegDate}) VALUES('{$login}','{$cp}','{$email}',NOW())") or die("Запрос к базе завершился ощибкой."); } else { mysql_query("INSERT INTO {$db_table} ({$db_columnUser},{$db_columnPass},{$db_columnRegDate}) VALUES('{$login}','{$cp}',NOW())") or die("Запрос к базе завершился ощибкой."); } $info = "Аккаунт <b>" . $login . "</b> успешно зарегестрирован. Вы будете перенаправлены на главную страницу через 5 секунд."; echo '<br /><p class="ok">' . $info . '<br /></p>'; echo "<meta http-equiv='refresh'; content='5; url=index.php'> "; } } } if (!empty($err)) { echo '<br /><p class="err">' . $err . '<br /></p>'; } ?>