Ejemplo n.º 1
 /**
  * Build the 2Checkout purchase fields for a payment and hand them to post2page().
  *
  * The field set is assembled from $this->config and from $this->payment, which is
  * populated by _set_payment() immediately before.
  *
  * NOTE(review): post2page() is not visible here; if it submits these fields through
  * the buyer's browser, x_amount, c_price and internal_id can be edited in transit,
  * so the handler behind x_receipt_link_url has to re-check the paid amount against
  * the stored order and verify the gateway's response signature — confirm.
  * NOTE(review): x_invoice_num is 'inv' plus gen_pass(5); whether that is unique per
  * order depends on gen_pass(), which is defined elsewhere.
  *
  * @param array $payment Payment description passed on to _set_payment().
  * @return void
  */
 function redirect2gateway($payment = array())
 {
     $this->_set_payment($payment);

     // Key order is kept as-is: it is the order in which the fields are posted.
     $fields = array(
         'x_login' => $this->config['sid'],
         'id_type' => 1,
         'fixed' => 'Y',
         'pay_method' => 'CC',
         'x_receipt_link_url' => _BASEURL_ . '/thankyou.php?p=' . $this->module_code,
         'x_invoice_num' => 'inv' . gen_pass(5),
         'x_amount' => $this->payment['price'],
         'c_price' => $this->payment['price'],
         'c_prod' => $this->payment['internal_id'],
         'c_name' => $this->payment['internal_name'],
         'c_description' => isset($this->payment['internal_diz']) ? $this->payment['internal_diz'] : '',
         'c_tangible' => 'N',
         'internal_id' => $this->payment['internal_id'],
         'dm_item_type' => $this->payment['dm_item_type'],
     );

     // Optional fields: demo flag from the module config, buyer id when known.
     if ($this->config['demo_mode'] == 1) {
         $fields['demo'] = 'Y';
     }
     if (!empty($this->payment['user_id'])) {
         $fields['user_id'] = $this->payment['user_id'];
     }

     // An earlier variant redirected with a query string (redirect2page + array2qs);
     // the fields are now handed to post2page() instead.
     post2page('https://www2.2checkout.com/2co/buyer/purchase', $fields, true);
 }
Ejemplo n.º 2
 /**
  * Generate a one-time password that confirms a bulk mailing and text it to the user.
  *
  * Logs the request, stores the password together with the subject and message in
  * want_to_send, then sends an SMS containing the password, subject and message to
  * $this->phone. The stored result becomes the new row id when the SMS result code
  * is 0, and false when the insert or the SMS fails.
  *
  * NOTE(review): $tema, $msg and $_SESSION['id'] are interpolated into the INSERT
  * unescaped. Unless $this->db->query() escapes internally (not visible here), a
  * quote in the subject or message alters the statement; bind them as parameters.
  * NOTE(review): the confirmation password is stored in clear text and its strength
  * depends on gen_pass(), defined elsewhere — confirm it draws from a CSPRNG.
  *
  * @param string $tema Mailing subject.
  * @param string $msg  Mailing text.
  * @return sms $this, for chaining (type as given by the original annotation).
  */
 public function generate_pass($tema, $msg)
 {
     $this->db->write_log(6, $tema . "; " . $msg);
     $this->set_result(true);

     // One-time password for this mailing request.
     $rand = gen_pass();
     $query = "INSERT INTO want_to_send (pass, user_id, tema, msg)\n                            VALUES ('{$rand}', '{$_SESSION['id']}', '{$tema}', '{$msg}')";
     if (!$this->db->query($query)) {
         $this->set_result(false);
     }

     // Nothing to send when the request could not be stored.
     if (!$this->get_result()) {
         return $this;
     }

     $smsText = "Немедленно сообщите администратору, если вы не совершали рассылку! Пароль для рассылки: {$rand}. Тема рассылки: " . $tema . ". Сообщение: " . $msg;
     $delivery = $this->send_sms($smsText, $this->phone)->get_result();

     // Code 0 is treated as a delivered SMS; only then is the row id exposed.
     $this->set_result($delivery['code'] == 0 ? $this->db->get_last_id() : false);

     return $this;
 }
Ejemplo n.º 3
 /**
  * Set up the database handle and either load an existing admin by id or run the
  * password + one-time-code login.
  *
  * With a truthy $id the admin row is looked up and copied into this object through
  * the set_*() calls. Otherwise $pass is hashed, the row is looked up by login and
  * password hash, and the global $auth is set to "pass", "true" or "false"; it is
  * left untouched when the lookup returns more than one row.
  *
  * NOTE(review): the '******' literals in the queries, and the broken quoting in the
  * first UPDATE, look like redaction applied by the listing this was copied from;
  * the original presumably interpolated $login / $pass / $password there. As shown,
  * that UPDATE line does not parse.
  * NOTE(review): every value placed into SQL here is interpolated or concatenated
  * (e.g. '{$id}'); unless data_base escapes internally this needs bound parameters.
  * NOTE(review): this block applies no limit on failed password or one-time-code
  * attempts; it only logs them.
  *
  * @param mixed  $login Login name; stored via set_login() in the $id branch.
  * @param string $pass  Plain-text password; only read when $id is falsy.
  * @param mixed  $id    Admin id, or false to run the login flow.
  */
 function __construct($login, $pass = "", $id = false)
 {
     $this->db = new data_base();
     // Only $settings[auth_masg] (the SMS template) is read below.
     $settings = $this->db->super_query("SELECT * FROM system_settings", false)->get_res();
     if ($id) {
         // Load an active admin by id and copy the row into this object.
         $query = "SELECT admin.id, admin.login, admin.phone, settings.id AS settings, settings.confirm_reg, settings.cofirm_msg, obl.id AS obl, goroda.id AS gorod, prava.id AS prava FROM admin\n                           LEFT JOIN obl ON obl.id = admin.obl\n                                LEFT JOIN goroda ON goroda.id = admin.gorod\n                                   LEFT JOIN prava ON prava.id = admin.prava\n                                        LEFT JOIN settings ON settings.id = admin.settings_id\n                            WHERE admin.login='******' AND admin.id='{$id}' AND admin.is_activ='1'";
         // `or` binds looser than `=`: $res takes the row, or false when it is falsy.
         $res = $this->db->super_query($query, false)->get_res() or $res = false;
         //print_arr($res);
         if ($res) {
             $this->set_login($login)->set_id($res['id'])->set_prava($res['prava'])->set_gorod($res['gorod'])->set_obl($res['obl'])->set_conf_reg($res['confirm_reg'])->set_conf_msg($res['cofirm_msg'])->set_settings($res['settings']);
             /*$devices = explode(",", $res['devices']);
                
                $i = 0;
                foreach ($devices as $item){
                     $_SESSION['devices'][$i] = $item;
                    $i++;
                }
               
                $_SESSION['count_dev'] = count($devices);
                
                $_SESSION['default'] = $res['default_dev'];*/
             $this->phone = $res['phone'];
         }
     } else {
         // NOTE(review): unsalted MD5 is not a password hash; password_hash() /
         // password_verify() is the replacement, with a rehash on next login.
         $pass = md5($pass);
         $_SESSION['added'] = "";
         $query = "SELECT admin.id, login, prava.id AS prava, auth_pass, phone FROM admin\n                            INNER JOIN prava ON prava.id = admin.prava                             \n                            WHERE login='******' AND pass='******' AND is_activ='1'";
         $res = $this->db->super_query($query, false)->get_res() or $res = false;
         $count_rows = $this->db->rows;
         // Global variable that reports whether authorization succeeded.
         global $auth;
         if ($count_rows == 1) {
             // NOTE(review): the unquoted keys ($res[auth_pass], $_POST[password], ...)
             // are bare constants; PHP 8 throws an Error for them, older versions fall
             // back to the string with a notice or warning. Quote them.
             // auth_pass == 0 means no one-time code is pending, so one is generated
             // and sent by SMS. NOTE(review): the loose == 0 also matches any
             // non-numeric string before PHP 8 — check gen_pass()'s alphabet.
             if ($res[auth_pass] == 0) {
                 $auth = "pass";
                 $password = gen_pass();
                 $msg = str_replace("[пароль]", $password, $settings[auth_masg]);
                 $this->send_sms($msg, $res[phone]);
                 // As listed this line is not valid PHP (redacted); it presumably
                 // stored $password in auth_pass — TODO confirm against the original.
                 $this->db->query("UPDATE admin SET auth_pass="******" WHERE id=" . $res[id]);
                 //return false;
             } else {
                 // NOTE(review): the one-time code is compared with a loose, non
                 // constant-time ==; hash_equals() on two strings avoids both the
                 // type juggling and the timing signal.
                 if ($res[auth_pass] == $_POST[password]) {
                     // NOTE(review): identity is written into the session without a
                     // session_regenerate_id() call in this block (session fixation).
                     $_SESSION['login'] = $res['login'];
                     $_SESSION['id'] = $res['id'];
                     $_SESSION['access'] = $res['prava'];
                     // The User-Agent is client-supplied text going into the log;
                     // presumably write_log() neutralises it — verify.
                     $this->db->write_log(1, "Вход! IP: " . $_SERVER[REMOTE_ADDR] . "; " . $_SERVER[HTTP_USER_AGENT]);
                     // Reset to 0 so the code cannot be used a second time.
                     $this->db->query("UPDATE admin SET auth_pass=0 WHERE id=" . $res[id]);
                     $auth = "true";
                 } else {
                     // Always true here, because the == check just above failed; the
                     // else branch that sets "pass" cannot be reached.
                     if ($res[auth_pass] != $_POST[password]) {
                         $auth = "false";
                     } else {
                         $auth = "pass";
                     }
                 }
             }
         } else {
             if ($count_rows == 0) {
                 // Failed login: look the login up again only to attach the log entry
                 // to an account id. $res may hold no row when the login is unknown.
                 $query = "SELECT login, id FROM admin WHERE login='******'";
                 $res = $this->db->super_query($query, false)->get_res();
                 $this->db->write_log(1, "Неудачная попытка входа в учетную запись " . $res[login] . "! IP: " . $_SERVER[REMOTE_ADDR] . "; " . $_SERVER[HTTP_USER_AGENT], $res[id]);
                 $auth = "false";
             }
         }
     }
 }
Ejemplo n.º 4
        $fname = text_filter($_POST['fname']);
        if (!$fname) {
            $error .= "Error: Please enter your Frind's Name!<br />";
        }
        if (!$yname) {
            $error .= "Error: Please enter your Name!<br />";
        }
        $gfx_check = intval($_POST['gfx_check']);
        if ($_POST['gfx_check'] != $_SESSION['Var_session'] or !isset($_SESSION['Var_session'])) {
            $error .= "Error: Security Code Invalid <br />";
        }
        if ($error) {
            $tengah .= '<div class="error">' . $error . '</div>';
        } else {
            $subject = "Ada artikel bagus di {$url_situs}";
            $full_pesan = "Hallo,\n\nBerikut ini ada artikel yang bagus untuk dibaca,\n<br />Artikel dengan judul : {$judul_artikel}, silahkan klik aja <a href='{$url_situs}/?pilih=news&amp;mod=yes&aksi=lihat&id={$id}'>{$url_situs}/?pilih=news&amp;mod=yes&aksi=lihat&id={$id}</a>.\n<br />\n<br />\n{$pesan}\n<br />\n<br />Terima kasih.";
            mail_send($femail, $yemail, $subject, $full_pesan, 0, 3);
            $tengah .= '<div class="sukses"><p>Pesan Anda telah dikirim ke teman Anda.<br />Terima kasih mau mendistribusikan artikel di situs ini.</p></div>';
            $tengah .= '<meta http-equiv="refresh" content="3; url=?pilih=news&amp;mod=yes&aksi=lihat&id=' . $id . '">';
        }
    }
    $tengah .= '<div class="border">';
    $tengah .= "\n<form method=\"post\" action=\"\">\n<table border=\"0\"  cellpadding=\"3\" cellspacing=\"0\" align=\"center\">\n  <tr>\n    <td valign=\"top\">Your Name</td>\n    <td valign=\"top\">:</td>\n    <td valign=\"top\"><input type=\"text\" name=\"yname\" style=\"width:150px\" size=\"50\" /></td>\n  </tr>\n  <tr>\n    <td valign=\"top\">Your E-mail</td>\n    <td valign=\"top\">:</td>\n    <td valign=\"top\"><input type=\"text\" name=\"yemail\" style=\"width:150px\" size=\"50\" /></td>\n  </tr>\n  <tr>\n    <td valign=\"top\">Your Friend's Name</td>\n    <td valign=\"top\">:</td>\n    <td valign=\"top\"><input type=\"text\" name=\"fname\" style=\"width:150px\" size=\"50\" /></td>\n  </tr>\n  <tr>\n    <td valign=\"top\">Your Friend's E-Mail</td>\n    <td valign=\"top\">:</td>\n    <td valign=\"top\"><input type=\"text\" name=\"femail\" style=\"width:150px\" size=\"50\" /></td>\n  </tr>\n  <tr>\n    <td valign=\"top\">Message (option)</td>\n    <td valign=\"top\">:</td>\n    <td valign=\"top\"><textarea name=\"pesan\"  cols=\"50\" rows=\"10\" style=\"width:250px\"></textarea></td>\n  </tr>";
    if (extension_loaded("gd")) {
        $random_num = gen_pass(10);
        $tengah .= "\n  <tr>\n    <td valign=\"top\">Security Code</td>\n    <td valign=\"top\">:</td>\n    <td valign=\"top\"><img src=\"{web}/includes/code_image.php\" border=\"1\" alt=\"Security Code\" /></td>\n  </tr>\n  <tr>\n    <td valign=\"top\">Type Code</td>\n    <td valign=\"top\">:</td>\n    <td valign=\"top\"><input type=\"text\" name=\"gfx_check\" size=\"10\" maxlength=\"6\" /></td>\n  </tr>";
    }
    $tengah .= "\n  <tr>\n    <td valign=\"top\"></td>\n    <td valign=\"top\"></td>\n    <td valign=\"top\"></td>\n  </tr>\n  <tr>\n    <td valign=\"top\"></td>\n    <td valign=\"top\"></td>\n    <td valign=\"top\"><input type=\"submit\" name=\"submit\" value=\"Submit\" /></td>\n  </tr>\n</table>\n</form>";
    $tengah .= '</div>';
}
echo $tengah;
Ejemplo n.º 5
}
if ($_GET['aksi'] == "forgotpass") {
    $tengah .= '<h5 class="bg">Lupa Password / User ?</h5>';
    if (isset($_POST['submit'])) {
        $email = $_POST['email'];
        if (!$email) {
            $error .= "Error: Formulir Email belum diisi , silahkan ulangi.<br />";
        }
        if ($error) {
            $tengah .= '<div class="error">' . $error . '</div>';
        } else {
            $jumlah = $koneksi_db->sql_numrows($koneksi_db->sql_query("SELECT * FROM useraura WHERE email='{$email}' AND tipe='aktif'"));
            if ($jumlah < 1) {
                $tengah .= '<div class="error">Sorry,no member with that data</div>';
            } else {
                $newpass = gen_pass(10);
                $userdata = "SELECT * FROM useraura WHERE email = '{$email}'";
                $userdata = $koneksi_db->sql_query($userdata);
                $datauser = mysql_fetch_array($userdata);
                $user = $datauser['user'];
                $emailuser = $datauser['email'];
                $newpassword = md5($newpass);
                $update = "update useraura set password = '******' where email='{$emailuser}'";
                $updatedata = $koneksi_db->sql_query($update);
                //forgot_login();
                $subject = "{$judul_situs} - Berikut Data Account Anda";
                $pesan .= '
<table width="700" align="center">
<tr>
<td><img src="' . $url_situs . '/images/head.png" alt="teamworks.co.id" width="700" height="80" style=""/></td>
</tr>
Ejemplo n.º 6
Archivo: join.php Proyecto: babae/etano
         if (empty($temp['text'])) {
             $topass['message']['text'] = $GLOBALS['_lang'][69];
         } else {
             $topass['message']['text'] = $temp['text'];
         }
         $input['error_' . $field->config['dbfield']] = 'red_border';
     }
     if (!$error) {
         if (!empty($field->config['fn_on_change'])) {
             $on_changes[] = array('fn' => $field->config['fn_on_change'], 'param2' => $field->get_value(), 'param3' => $field->config['dbfield']);
         }
     }
 }
 if (!$error) {
     if ($input['page'] == 1) {
         $input['temp_pass'] = md5(gen_pass(6));
         $query = "INSERT IGNORE INTO `" . USER_ACCOUNTS_TABLE . "` SET `" . USER_ACCOUNT_USER . "`='" . $input['user'] . "',`" . USER_ACCOUNT_PASS . "`=md5('" . $input['pass'] . "'),`email`='" . $input['email'] . "',`membership`=2,`status`=" . ASTAT_UNVERIFIED . ",`temp_pass`='" . $input['temp_pass'] . "'";
         if (!($res = @mysql_query($query))) {
             trigger_error(mysql_error(), E_USER_ERROR);
         }
         $_SESSION[_LICENSE_KEY_]['user']['reg_id'] = mysql_insert_id();
         $_SESSION[_LICENSE_KEY_]['user']['user'] = $input['user'];
         // for `dsb_payments`
         $_SESSION[_LICENSE_KEY_]['user']['email'] = $input['email'];
         // for info_signup.html
         $input['uid'] = $_SESSION[_LICENSE_KEY_]['user']['reg_id'];
         send_template_email($input['email'], sprintf($GLOBALS['_lang'][70], _SITENAME_), 'confirm_reg.html', get_my_skin(), $input);
     }
     $query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}user_profiles` WHERE `fk_user_id`=" . $_SESSION[_LICENSE_KEY_]['user']['reg_id'];
     if (!($res = @mysql_query($query))) {
         trigger_error(mysql_error(), E_USER_ERROR);
Ejemplo n.º 7
/**
 * Render the "Adding Database User" form with a freshly generated password pre-filled.
 *
 * NOTE(review): every argument is interpolated into the markup as-is. $name lands in
 * two value="" attributes and $uinfo in the legend, so they must be passed through
 * htmlspecialchars(..., ENT_QUOTES) before they get here; presumably $user_in_db and
 * $password_notice are pre-built HTML — verify against callers.
 * NOTE(review): the generated password sits in a type="text" input, so it is visible
 * on screen and in the page source; its strength depends on gen_pass(), defined
 * elsewhere.
 * NOTE(review): the form posts to main.php?update=1 and carries no anti-CSRF token
 * field in this markup.
 *
 * @param string $user_in_db      Appended after the fieldset.
 * @param string $uinfo           Shown in the legend.
 * @param string $name            Database name, used for the db_name and hidden name fields.
 * @param string $password_notice Placed after the form.
 * @return string The form markup.
 */
function print_form($user_in_db = "", $uinfo = "", $name = "", $password_notice = "")
{
    $suggestedPassword = gen_pass();

    // Same markup as a single literal, split at line breaks for readability.
    return "\n<div id=\"form_div\">\n<fieldset>\n"
        . "<legend><span id=\"leg\">Adding Database User : {$uinfo}</span></legend>\n"
        . "<form action=\"main.php?update=1\" method=\"post\">\n"
        . "        <table id=\"change_form\">\n"
        . "        <tr><td>Database</td><td><input type=\"text\" name=\"db_name\" value=\"{$name}\" size=\"25\"></td></tr>\n"
        . "        <tr><td>Password*</td><td><input type=\"text\" name=\"pass\" value=\"{$suggestedPassword}\" size=\"25\"><input type=\"hidden\" name=\"name\" value=\"{$name}\"/></td></tr>\n"
        . "        <tr><td colspan=\"2\"><input type=\"submit\" value=\"Update User Information Now.\"></td></tr>\n"
        . "        </table>\n</form>\n"
        . "{$password_notice}\n</fieldset>\n{$user_in_db}\n</div></div>";
}
Ejemplo n.º 8
		   
			case 1:
				$pass = $pass. $num;
				break;
			case 2:
				$pass = $pass. $lowcase;
				break;
			case 3:
				$pass = $pass. $upcase;
				break;
			}
		}
		return($pass);
	}
	  
	$pass = gen_pass();

	$found = array();
	$found[0] = json_encode(array('Method' => 'ForgotPassword', 'WebPassword' => md5(WEBUI_PASSWORD)
		, 'UUID' => cleanQuery($UUID)
		, 'Password' => cleanQuery($pass)));
		
	$do_post_requested = do_post_request($found);
	$recieved = json_decode($do_post_requested);
	
	// echo '<pre>';
	// var_dump($recieved);
	// var_dump($do_post_requested);
	// echo '</pre>';
	
	if ($recieved->{'Verified'} == "true") 
Ejemplo n.º 9
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
// Re-send the signup confirmation e-mail for the account named by ?uid=, then
// redirect to info.php.
//
// NOTE(review): nothing in these lines ties the uid to the requester. Unless an
// include enforces it, any caller can trigger a confirmation mail for any account
// id and read that account's e-mail address from the redirect query string; compare
// the uid with the session's registration id and rate-limit the endpoint.
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/join.inc.php';
$qs = 'type=signup';
$qssep = '&';
// $uid goes into the SQL below unquoted, so the queries rely entirely on this call
// returning an integer (presumably what TYPE_INT requests — confirm).
$uid = sanitize_and_format_gpc($_GET, 'uid', TYPE_INT, 0, 0);
if (!empty($uid)) {
    $query = "SELECT `" . USER_ACCOUNT_ID . "` as `uid`,`email`,`temp_pass` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "`={$uid}";
    // NOTE(review): ext/mysql was removed in PHP 7.0, and passing mysql_error() to
    // trigger_error() can show SQL details to the visitor when errors are displayed.
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (mysql_num_rows($res)) {
        $input = mysql_fetch_assoc($res);
        // Issue a confirmation secret only when the account has none yet.
        // NOTE(review): it is stored in clear text and its strength depends on
        // gen_pass(), defined elsewhere — confirm it uses a CSPRNG.
        if (empty($input['temp_pass'])) {
            $input['temp_pass'] = gen_pass(7);
            $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `temp_pass`='" . $input['temp_pass'] . "' WHERE `" . USER_ACCOUNT_ID . "`={$uid}";
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
        }
        // $input (uid, email, temp_pass) is handed to the confirm_reg.html template.
        send_template_email($input['email'], sprintf($GLOBALS['_lang'][70], _SITENAME_), 'confirm_reg.html', get_my_skin(), $input);
        // NOTE(review): the address is appended without URL-encoding; a '+' or '&'
        // in it changes the query string unless redirect2page() encodes — verify.
        $qs .= $qssep . 'email=' . $input['email'];
    }
}
redirect2page('info.php', array(), $qs);
Ejemplo n.º 10
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
// Account activation: ?uid= and ?secret= from the confirmation link are matched
// against an unverified account, which is then set active.
define('CACHE_LIMITER', 'private');
require 'includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/join.inc.php';
// $tpl is not used within the lines shown here.
$tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs');
$uid = sanitize_and_format_gpc($_GET, 'uid', TYPE_INT, 0, 0);
// NOTE(review): $secret is placed inside quotes in the UPDATE below, so the query is
// only safe if this call escapes it for SQL — presumably it does; verify.
$secret = sanitize_and_format_gpc($_GET, 'secret', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
if (!empty($uid) && !empty($secret)) {
    // One statement checks the secret and consumes it: the row is updated only when
    // uid, unverified status and temp_pass all match, and temp_pass is replaced with
    // a fresh value so the link cannot be replayed.
    // NOTE(review): the comparison runs in SQL, so it follows the column collation
    // (possibly case-insensitive), and no attempt limit is visible here for guessing
    // the secret. The secret's strength depends on gen_pass(), defined elsewhere.
    $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `status`=" . ASTAT_ACTIVE . ",`temp_pass`='" . gen_pass(7) . "' WHERE `" . USER_ACCOUNT_ID . "`={$uid} AND `status`=" . ASTAT_UNVERIFIED . " AND `temp_pass`='{$secret}' LIMIT 1";
    // NOTE(review): ext/mysql was removed in PHP 7.0, and passing mysql_error() to
    // trigger_error() can show SQL details to the visitor when errors are displayed.
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (isset($_SESSION[_LICENSE_KEY_]['user']['timedout'])) {
        unset($_SESSION[_LICENSE_KEY_]['user']['timedout']);
    }
    // A changed row means the secret matched; otherwise a generic error is shown.
    if (mysql_affected_rows()) {
        $qs = 'type=acctok';
        redirect2page('info.php', array(), $qs);
    } else {
        $topass['message']['type'] = MESSAGE_ERROR;
        $topass['message']['text'] = $GLOBALS['_lang'][1];
        redirect2page('info.php', $topass);
    }
}
Ejemplo n.º 11
             }
             ftp_close($link);
         } else {
             $error = true;
             $topass['message']['type'] = MESSAGE_ERROR;
             $topass['message']['text'][] = 'FTP Host is wrong.';
         }
     } else {
         $error = true;
         $topass['message']['type'] = MESSAGE_ERROR;
         $topass['message']['text'][] = 'Server configuration does not allow ftp connections.';
     }
 }
 if (!$error) {
     $input['fileop_mode'] = $_SESSION['install']['write'];
     $input['license_key'] = strtoupper(gen_pass(22));
     $input['license_key_md5'] = md5($input['license_key']);
     $tpl = new phemplate('../skin/', 'remove_nonjs');
     $tpl->set_file('content', 'defines.inc.php');
     $tpl->set_var('input', $input);
     $towrite = $tpl->process('content', 'content', TPL_FINISH);
     define('_BASEPATH_', $input['basepath']);
     define('_FILEOP_MODE_', $input['fileop_mode']);
     define('_FTPHOST_', $input['ftphost']);
     define('_FTPPATH_', $input['ftppath']);
     define('_FTPUSER_', $input['ftpuser']);
     define('_FTPPASS_', $input['ftppass']);
     require_once '../../includes/classes/fileop.class.php';
     $fileop = new fileop();
     $fileop->delete($input['basepath'] . '/includes/defines.inc.php');
     $fileop->file_put_contents($input['basepath'] . '/includes/defines.inc.php', $towrite);
Ejemplo n.º 12
     $error = true;
     $topass['message']['type'] = MESSAGE_ERROR;
     $topass['message']['text'][] = $GLOBALS['_lang'][58];
 }
 if (get_site_option('use_captcha', 'core')) {
     $captcha = sanitize_and_format_gpc($_POST, 'captcha', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
     if (!$error && (!isset($_SESSION['captcha_word']) || strcasecmp($captcha, $_SESSION['captcha_word']) != 0)) {
         $error = true;
         $topass['message']['type'] = MESSAGE_ERROR;
         $topass['message']['text'][] = $GLOBALS['_lang'][24];
         $input['error_captcha'] = 'red_border';
     }
 }
 unset($_SESSION['captcha_word']);
 if (!$error) {
     $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `" . USER_ACCOUNT_PASS . "`=" . PASSWORD_ENC_FUNC . "('" . $input['pass'] . "'),`temp_pass`='" . gen_pass(7) . "' WHERE `" . USER_ACCOUNT_ID . "`=" . $input['uid'] . " AND `" . USER_ACCOUNT_USER . "`='" . $input['user'] . "' AND `temp_pass`='" . $input['secret'] . "'";
     if (isset($_on_before_update)) {
         for ($i = 0; isset($_on_before_update[$i]); ++$i) {
             call_user_func($_on_before_update[$i]);
         }
     }
     if (!($res = @mysql_query($query))) {
         trigger_error(mysql_error(), E_USER_ERROR);
     }
     if (mysql_affected_rows()) {
         $topass['message']['type'] = MESSAGE_INFO;
         $topass['message']['text'] = $GLOBALS['_lang'][59];
     } else {
         $error = true;
         $topass['message']['type'] = MESSAGE_ERROR;
         $topass['message']['text'] = $GLOBALS['_lang'][60];