// Excerpt of a password-recovery script. It opens inside a branch that starts
// above the excerpt (the branch is closed by the `}` in front of
// `elseif ($act == "recover_ok")`). $arr, $newpassword, $email, $id and $random
// are all assigned before this point.

    // With the SMF forum bridge enabled, the new password is also written to the
    // forum's member row. smf_passgen() is defined elsewhere; its result is used
    // as a two-element array feeding the passwd and passwordSalt columns.
    if ($GLOBALS["FORUMLINK"] == "smf") {
        $passhash = smf_passgen($arr["username"], $newpassword);
        // NOTE(review): every value is spliced into the SQL text, and
        // $arr["smf_fid"] is appended with neither quotes nor an integer cast.
        // A prepared statement, or at least (int) on the id, would stop this
        // query from depending on how those values were produced.
        do_sqlquery("UPDATE {$db_prefix}members SET passwd='{$passhash['0']}', passwordSalt='{$passhash['1']}' WHERE ID_MEMBER=" . $arr["smf_fid"]);
    }
    // The new password is placed in the mail body in clear text.
    // NOTE(review): mail is not a confidential channel; a single-use, expiring
    // reset link avoids sending a working credential.
    $body = sprintf($language["RECOVER_EMAIL_2"], $arr["username"], $newpassword, "{$BASEURL}/index.php?page=login", $SITENAME);
    send_mail($email, "{$SITENAME} " . $language["ACCOUNT_DETAILS"], $body) or stderr($language["ERROR"], $language["ERR_SEND_EMAIL"]);
    // NOTE(review): id and the random token travel in the query string, so they
    // are recorded in browser history and in web-server or proxy logs. Whether
    // the token is rotated after use is not visible in this excerpt.
    redirect("index.php?page=recover&act=recover_ok&id={$id}&random={$random}");
    die;
} elseif ($act == "recover_ok") {
    // Confirmation page reached through the redirect above: re-checks the
    // id/random pair and reports the address the mail was sent to.
    $id = intval(0 + $_GET["id"]);
    $random = intval($_GET["random"]);
    // Both values are integers here; `!$random` already covers the
    // `empty($random)` and `$random == 0` tests.
    // stderr() is defined elsewhere; presumably it renders the error and stops.
    // TODO confirm, since execution would otherwise continue into the query.
    if (!$id || !$random || empty($random) || $random == 0) {
        stderr($language["ERROR"], $language["ERR_UPDATE_USER"]);
    }
    // $id is integer-cast above, so interpolating it here cannot alter the query.
    // smf_fid is selected only when the SMF bridge is enabled.
    $res = do_sqlquery("SELECT username, email, random" . ($GLOBALS["FORUMLINK"] == "smf" ? ", smf_fid" : "") . " FROM {$TABLE_PREFIX}users WHERE id = {$id}");
    // mysql_fetch_array() belongs to ext/mysql, which was removed in PHP 7.
    // No matching row falls through to httperr().
    $arr = mysql_fetch_array($res) or httperr();
    // NOTE(review): the token is an integer compared with a loose `!=`.
    // hash_equals() on the string forms would give a strict, timing-safe check,
    // and a longer random string would give a larger token space.
    if ($random != $arr["random"]) {
        stderr($language["ERROR"], $language["ERR_UPDATE_USER"]);
    }
    $email = $arr["email"];
    // NOTE(review): $email is interpolated into HTML without escaping at this
    // call site. Unless success_msg() escapes its arguments, wrap it in
    // htmlspecialchars(). This page also shows the account's e-mail address to
    // whoever presents a valid id/random pair.
    success_msg($language["SUCCESS"], $language["SUC_SEND_EMAIL"] . " <b>{$email}</b>.\n" . $language["SUC_SEND_EMAIL_2"]);
    // Render the page through the main template and stop.
    $tpl->set("main_footer", bottom_menu() . "<br />\n");
    $tpl->set("btit_version", print_version());
    echo $tpl->fetch(load_template("main.tpl"));
    die;
} elseif ($act == "recover") {
    // Intentionally empty in the visible code: nothing extra runs for this action.
}
// Runs after the if/elseif chain: create a template object and hand it the
// language table.
// NOTE(review): `global` only has an effect when this file is included from
// inside a function. TODO confirm that is the case.
$recovertpl = new bTemplate();
global $language, $recovertpl;
$recovertpl->set("language", $language);
$recover = array();
// Excerpt of a forum-attachment handler: looks an attachment up by id, lets
// moderators delete it, and otherwise starts picking a content type for it.
// $id is assigned before this excerpt, and the switch at the end continues
// past it.
$attachment_dir = ROOT_DIR . "forum_attachments";
// $id goes through sqlesc() (defined elsewhere) before it is appended to the query.
$at = sql_query("SELECT * FROM attachments WHERE id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
// mysql_fetch_assoc() belongs to ext/mysql, which was removed in PHP 7.
$resat = mysql_fetch_assoc($at);
// The path is built before the row is checked; a missing row is caught by the
// `!$resat` test below.
// NOTE(review): the stored filename is joined to the directory as-is. If a name
// containing "/" or ".." can ever be stored, this path leaves $attachment_dir.
// basename() here, or a realpath() prefix check, would contain it. Confirm how
// filenames are written at upload time.
$filename = $attachment_dir . '/' . $resat['filename'];
if (!$resat || !is_file($filename) || !is_readable($filename)) {
    // return not found header
    httperr();
}
// Deletion is requested with ?action=delete and is allowed for UC_MODERATOR
// and above.
// NOTE(review): this is a state-changing action on a GET parameter, and no
// anti-CSRF token is checked in the visible code. Prefer POST plus a
// per-session token.
if ($_GET['action'] == 'delete') {
    if (get_user_class() >= UC_MODERATOR) {
        // `@` hides any unlink() failure; both table rows are removed whether or
        // not the file was actually deleted.
        @unlink($filename);
        sql_query("DELETE FROM attachments WHERE id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
        sql_query("DELETE FROM attachmentdownloads WHERE fileid=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
        // In a single-quoted string `\\"` produces a backslash followed by a
        // quote, so the emitted attribute reads color=\"red\". The <font> tag is
        // also never closed.
        die('<font color=\\"red\\">File successfull deleted...');
    } else {
        httperr();
    }
}
// Extension = text after the last dot of the path, lower-cased.
$file_extension = strtolower(substr(strrchr($filename, "."), 1));
// Map the extension to a media type. How $ctype is sent lies beyond this excerpt.
// NOTE(review): for user-uploaded files, a `Content-Disposition: attachment`
// header and `X-Content-Type-Options: nosniff` keep the browser from rendering
// or sniffing the content. Confirm the code that follows sets them.
switch ($file_extension) {
    case "pdf":
        $ctype = "application/pdf";
        break;
    case "exe":
        $ctype = "application/octet-stream";
        break;
    case "zip":
        $ctype = "application/zip";
        break;
    case "rar":
        // NOTE(review): "rar" is given the zip media type.
        $ctype = "application/zip";
</span> </td> </tr> </table> <div id="foot"> <span><a href="http://www.btiteam.org" target="_blank">BtiTeam.org</a> | <a href="https://github.com/Yupy/BtiTracker-1.5.1" target="_blank">GitHub.com</a> | <a href="#">BtiTracker v1.5.1 by Yupy & Btiteam</a></span> </div> <?php
// Excerpt of a password-recovery page. The markup above is the tail of a branch
// that starts before this excerpt; the branch below is cut off at the heredoc.
//
// This branch is taken when the query string carries any parameter (non-empty
// $_GET). It checks the id/random pair and then resets the password.
// NOTE(review): the reset happens on a GET request, so anything that fetches the
// link (link prefetchers, mail scanners) performs it. A confirmation step
// submitted by POST avoids that.
} elseif ($_GET) {
    $id = 0 + (int) $_GET["id"];
    $random = intval($_GET["random"]);
    // Both values are integers here; `!$random` already covers the
    // `empty($random)` and `$random == 0` tests.
    // stderr() is defined elsewhere; presumably it renders the error and stops.
    // TODO confirm.
    if (!$id || !$random || empty($random) || $random == 0) {
        stderr(ERROR, ERR_UPDATE_USER);
    }
    // $id is integer-cast above, so concatenating it cannot alter the query.
    $res = $db->query("SELECT username, email, random FROM users WHERE id = " . $id);
    // No matching row falls through to httperr().
    $arr = $res->fetch_array(MYSQLI_BOTH) or httperr();
    // NOTE(review): the token is an integer compared with a loose `!=`.
    // hash_equals() on the string forms would give a strict, timing-safe check,
    // and a longer random string would give a larger token space.
    if ($random != $arr["random"]) {
        stderr(ERROR, ERR_UPDATE_USER);
    }
    $email = $arr["email"];
    // Generate a new 10-character password from a 62-character alphabet.
    // NOTE(review): mt_rand() is a Mersenne Twister generator, not a
    // cryptographically secure one. random_int() (PHP 7+) is the appropriate
    // source for passwords and tokens.
    // utf8::strlen() is a project helper defined elsewhere and is re-evaluated
    // on every iteration.
    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $newpassword = '';
    for ($i = 0; $i < 10; $i++) {
        $newpassword .= $chars[mt_rand(0, utf8::strlen($chars) - 1)];
    }
    // NOTE(review): the password value reads '******' in this listing, which
    // looks like a redaction. As shown, the query stores that literal and never
    // uses $newpassword. Confirm against the original file that a hash of
    // $newpassword (password_hash()) is what gets written.
    // `AND random = ...` makes the update conditional on the token still
    // matching; both appended values are integers.
    $db->query("UPDATE users SET password = '******' WHERE id = " . $id . " AND random = " . $random);
    // Zero affected rows is treated as a failure.
    if (!$db->affected_rows) {
        stderr(ERROR, ERR_UPDATE_USER);
    }
    // Heredoc assigned to $body, presumably the mail text; its content lies
    // beyond this excerpt.
    $body = <<<EOD