} return 'DELETE ' . implode(', ', $tables) . " FROM " . implode(' ', $joins) . " WHERE t1.id='{$userid}' AND t1.class < '{$maxclass}';"; } //== if ($_SERVER["REQUEST_METHOD"] == "POST") { $username = trim(htmlsafechars($_POST["username"])); $password = trim(htmlsafechars($_POST["password"])); if (!$username || !$password) { stderr("{$lang['text_error']}", "{$lang['text_please']}"); } $res = sql_query("SELECT id, secret, passhash FROM users WHERE username="******"") or sqlerr(__FILE__, __LINE__); if (mysqli_num_rows($res) != 1) { stderr("{$lang['text_error']}", "{$lang['text_bad']}"); } $arr = mysqli_fetch_assoc($res); $wantpasshash = make_passhash($arr['secret'], md5($password)); if ($arr['passhash'] != $wantpasshash) { stderr("{$lang['text_error']}", "{$lang['text_bad']}"); } $userid = (int) $arr['id']; $res = sql_query(account_delete($userid)) or sqlerr(__FILE__, __LINE__); //$res = sql_query("DELETE FROM users WHERE id=" . sqlesc($userid)) or sqlerr(__FILE__, __LINE__); if (mysqli_affected_rows($GLOBALS["___mysqli_ston"]) !== false) { $mc1->delete_value('MyUser_' . $userid); $mc1->delete_value('user' . $userid); write_log("User: {$username} Was deleted by {$CURUSER['username']}"); stderr("{$lang['stderr_success']}", "{$lang['text_success']}"); } else { stderr($lang['text_error'], $lang['text_unable']); } }
} $email = isset($_POST["mail"]) ? htmlsafechars($_POST["mail"]) : ""; if (empty($email)) { stderr("Error", "No email adress, you forgot about that?"); } if (!validemail($email)) { stderr("Error", "That dosen't look like an email adress"); } check_banned_emails($email); //==Check if username or password already exists $var_check = sql_query("SELECT id, editsecret FROM users where username="******" OR email=" . sqlesc($email)) or sqlerr(__FILE__, __LINE__); if (mysqli_num_rows($var_check) == 1) { stderr("Error", "Username or password already exists"); } $secret = mksecret(); $passhash = make_passhash($secret, md5($password)); //$editsecret = make_passhash_login_key(); $editsecret = EMAIL_CONFIRM ? make_passhash_login_key() : ""; $res = sql_query("INSERT INTO users(username, passhash, secret, editsecret, email, added, uploaded, invites, seedbonus) VALUES (" . implode(",", array_map("sqlesc", array($username, $passhash, $secret, $editsecret, $email, TIME_NOW, $ar_check["bonus_upload"] * 1073741824, $ar_check["bonus_invites"], $ar_check["bonus_karma"]))) . ") ") or sqlerr(__FILE__, __LINE__); if ($res) { //==Updating promo table $userid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res; $users = empty($ar_check["users"]) ? $userid : $ar_check["users"] . "," . $userid; sql_query("update promo set accounts_made=accounts_made+1 , users=" . sqlesc($users) . " WHERE id=" . sqlesc($ar_check["id"])) or sqlerr(__FILE__, __LINE__); //==Email part :) $sec = $editsecret; $subject = $INSTALLER09['site_name'] . " user registration confirmation"; $message = "Hi!\n\t\t\t\t\t\tYou used the link from promo " . htmlsafechars($ar_check["name"]) . " and registred a new account at {$INSTALLER09['site_name']}\n\t\t\t\t\t\t\t\n\t\t\t\t\t\tTo confirm your account click the link below\n\t\t\t\t\t\t{$INSTALLER09['baseurl']}/confirm.php?id=" . (int) $userid . 
"&secret={$sec}\n\n\t\t\t\t\t\tWelcome and enjoy your stay \n\t\t\t\t\t\tStaff at {$INSTALLER09['site_name']}"; $headers = 'From: ' . $INSTALLER09['site_email'] . "\r\n" . 'Reply-To:' . $INSTALLER09['site_email'] . "\r\n" . 'X-Mailer: PHP/' . phpversion(); $mail = @mail($email, $subject, $message, $headers); stderr("Success!", "Account was created! and an email was sent to <b>" . htmlsafechars($email) . "</b>, you can use your account once you confirm the email!");
} require_once INCL_DIR . 'user_functions.php'; require_once INCL_DIR . 'password_functions.php'; require_once CLASS_DIR . 'class_check.php'; class_check(UC_ADMINISTRATOR); $lang = array_merge($lang, load_language('ad_adduser')); if ($_SERVER['REQUEST_METHOD'] == 'POST') { $insert = array('username' => '', 'email' => '', 'secret' => '', 'passhash' => '', 'status' => 'confirmed', 'added' => TIME_NOW, 'last_access' => TIME_NOW); if (isset($_POST['username']) && strlen($_POST['username']) >= 5) { $insert['username'] = $_POST['username']; } else { stderr($lang['std_err'], $lang['err_username']); } if (isset($_POST['password']) && isset($_POST['password2']) && strlen($_POST['password']) > 6 && $_POST['password'] == $_POST['password2']) { $insert['secret'] = mksecret(); $insert['passhash'] = make_passhash($insert['secret'], md5($_POST['password'])); } else { stderr($lang['std_err'], $lang['err_password']); } if (isset($_POST['email']) && validemail($_POST['email'])) { $insert['email'] = $_POST['email']; } else { stderr($lang['std_err'], $lang['err_email']); } if (sql_query(sprintf('INSERT INTO users (username, email, secret, passhash, status, added, last_access) VALUES (%s)', join(', ', array_map('sqlesc', $insert))))) { $user_id = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res; stderr($lang['std_success'], sprintf($lang['text_user_added'], $user_id)); } else { if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 1062) { $res = sql_query(sprintf('SELECT id FROM users WHERE username = %s', sqlesc($insert['username']))) or sqlerr(__FILE__, __LINE__); if (mysqli_num_rows($res)) {
if (!$row) { bark(); } if (!$row) { $ip = sqlesc(getip()); $added = sqlesc(time()); $fail = @mysql_fetch_row(@sql_query("select count(*) from failedlogins where ip={$ip}")) or sqlerr(__FILE__, __LINE__); if ($fail[0] == 0) { sql_query("INSERT INTO failedlogins (ip, added, attempts) VALUES ({$ip}, {$added}, 1)") or sqlerr(__FILE__, __LINE__); } else { sql_query("UPDATE failedlogins SET attempts = attempts + 1 where ip={$ip}") or sqlerr(__FILE__, __LINE__); } @fclose(@fopen('' . $INSTALLER09['dictbreaker'] . '/' . sha1($_SERVER['REMOTE_ADDR']), 'w')); bark(); } if ($row['passhash'] != make_passhash($row['secret'], md5($password))) { $ip = sqlesc(getip()); $added = sqlesc(time()); $fail = @mysql_fetch_row(@sql_query("select count(*) from failedlogins where ip={$ip}")) or sqlerr(__FILE__, __LINE__); if ($fail[0] == 0) { sql_query("INSERT INTO failedlogins (ip, added, attempts) VALUES ({$ip}, {$added}, 1)") or sqlerr(__FILE__, __LINE__); } else { sql_query("UPDATE failedlogins SET attempts = attempts + 1 where ip={$ip}") or sqlerr(__FILE__, __LINE__); } @fclose(@fopen('' . $INSTALLER09['dictbreaker'] . '/' . sha1($_SERVER['REMOTE_ADDR']), 'w')); $to = $row["id"]; $subject = "Failed login"; $msg = "[color=red]Security alert[/color]\n Account: ID=" . $row['id'] . " Somebody (probably you, " . $username . " !) tried to login but failed!" . "\nTheir [b]Ip Address [/b] was : " . $ip . "\n If this wasn't you please report this event to a {$INSTALLER09['site_name']} staff member\n - Thank you.\n"; $sql = "INSERT INTO messages (sender, receiver, msg, subject, added) VALUES('System', '{$to}', " . sqlesc($msg) . ", " . sqlesc($subject) . ", {$added});"; $res = sql_query($sql) or sqlerr(__FILE__, __LINE__); stderr("Login failed !", "<b>Error</b>: Username or password entry incorrect <br />Have you forgotten your password? <a href='{$INSTALLER09['baseurl']}/resetpw.php'><b>Recover</b></a> your password !");
} if ($chpassword != $passagain) { stderr("Error", $lang['takeeditcp_pass_not_match']); } $secret = mksecret(); $passhash = make_passhash($secret, md5($chpassword)); $updateset[] = "secret = " . sqlesc($secret); $updateset[] = "passhash = " . sqlesc($passhash); logincookie($CURUSER["id"], md5($passhash . $_SERVER["REMOTE_ADDR"])); } if ($email != $CURUSER["email"]) { if (!validemail($email)) { stderr("Error", $lang['takeeditcp_not_valid_email']); } $r = @sql_query("SELECT id FROM users WHERE email=" . sqlesc($email)) or sqlerr(); if (mysql_num_rows($r) > 0 || $CURUSER["passhash"] != make_passhash($CURUSER['secret'], md5($chmailpass))) { stderr("Error", $lang['takeeditcp_address_taken']); } $changedemail = 1; } if ($secretanswer != '') { if (strlen($secretanswer) > 40) { stderr("Sorry", "secret answer is too long (max is 40 chars)"); } if (strlen($secretanswer) < 6) { stderr("Sorry", "secret answer is too sort (min is 6 chars)"); } $new_secret_answer = md5($secretanswer); $updateset[] = "hintanswer = " . sqlesc($new_secret_answer); } if (get_parked() == '1') {
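/**
 * Register a new account, storing the extended profile fields along with the
 * login data.
 *
 * Every validation failure is reported through message_error(); the guards
 * below assume that call renders the error and stops, nothing here relies on
 * its return value.
 *
 * @param string     $email      Address to register; checked by validate_email() and allowed_email().
 * @param string     $password   Plaintext password; only make_passhash($password) is stored.
 * @param string     $team_name  Bounded by CONFIG_MIN_TEAM_NAME_LENGTH / CONFIG_MAX_TEAM_NAME_LENGTH (byte length).
 * @param int|string $country    Country id; must be a valid id no greater than the number of country rows.
 * @param int|null   $type       Team type id, or null to store user_type 0. Positionally required because
 *                               required parameters follow it; a default here was deprecated in PHP 8.0.
 * @param string     $phoneNo    Stored as mobileNo.
 * @param string     $age        Stored as DOB.
 * @param string     $eduI       Stored as eduInstitution.
 * @param string     $eduLevel   Stored as eduLevel.
 * @param string     $fullName   Stored as fullName.
 * @param int|string $instanceID Stored as instanceID.
 *
 * @return bool true when the row was inserted and accounts are enabled by default;
 *              false when db_insert() reported no row. When accounts are not enabled
 *              by default, message_generic() is shown instead of returning true.
 */
function register_account($email, $password, $team_name, $country, $type, $phoneNo, $age, $eduI, $eduLevel, $fullName, $instanceID)
{
    if (!CONFIG_ACCOUNTS_SIGNUP_ALLOWED) {
        message_error('Registration is currently closed.');
    }
    // Reject only missing or empty fields. empty() would also reject the
    // legitimate string "0" (e.g. as a password).
    $required = array($email, $password, $team_name);
    if (in_array(null, $required, true) || in_array('', $required, true)) {
        message_error('Please fill in all the details correctly.');
    }
    if (isset($type) && !is_valid_id($type)) {
        message_error('That does not look like a valid team type.');
    }
    // strlen() counts bytes, so multibyte names reach the upper bound sooner;
    // kept byte-wise to match how the limits are used elsewhere.
    $name_length = strlen($team_name);
    if ($name_length > CONFIG_MAX_TEAM_NAME_LENGTH || $name_length < CONFIG_MIN_TEAM_NAME_LENGTH) {
        message_error('Your team name was too long or too short.');
    }
    validate_email($email);
    if (!allowed_email($email)) {
        message_error('Email not on whitelist. Please choose a whitelisted email or contact organizers.');
    }
    // The row count is used as the upper bound for the id, which presumes
    // contiguous ids starting at 1 — NOTE(review): confirm against the schema.
    $num_countries = db_select_one('countries', array('COUNT(*) AS num'));
    if (!isset($country) || !is_valid_id($country) || $country > $num_countries['num']) {
        message_error('Please select a valid country.');
    }
    // Uniqueness check on either column. !empty() gives the same branch result
    // as a plain truthiness test but tolerates a "no row" result without an
    // undefined-offset notice.
    $user = db_select_one('users', array('id'), array('team_name' => $team_name, 'email' => $email), null, 'OR');
    if (!empty($user['id'])) {
        message_error('An account with this team name or email already exists.');
    }
    $user_id = db_insert('users', array(
        'email' => $email,
        // only the hash is persisted; the plaintext password is not written anywhere here
        'passhash' => make_passhash($password),
        'team_name' => $team_name,
        'added' => time(),
        'enabled' => CONFIG_ACCOUNTS_DEFAULT_ENABLED ? '1' : '0',
        'user_type' => isset($type) ? $type : 0,
        'country_id' => $country,
        'DOB' => $age,
        'mobileNo' => $phoneNo,
        'eduInstitution' => $eduI,
        'eduLevel' => $eduLevel,
        'fullName' => $fullName,
        'instanceID' => $instanceID,
    ));
    // db_insert() returns a falsy value when no row was inserted
    if ($user_id) {
        // record the signup IP against the new account
        log_user_ip($user_id);
        if (!CONFIG_ACCOUNTS_DEFAULT_ENABLED) {
            // account is not usable yet: tell the user and stop here
            message_generic('Signup successful', 'Thank you for registering! Your chosen email is: ' . htmlspecialchars($email) . '. 
Make sure to check your spam folder as emails from us may be placed into it. Please stay tuned for updates!');
        } else {
            return true;
        }
    }
    // no rows were inserted (or message_generic() returned)
    return false;
}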
} } // stage 1, part 2 if ($_POST['action'] == 'reset_password') { if (CONFIG_RECAPTCHA_ENABLE_PUBLIC) { validate_captcha(); } $user = db_select_one('users', array('id', 'team_name', 'email'), array('email' => $_POST[md5(CONFIG_SITE_NAME . 'EMAIL')])); if ($user['id']) { $auth_key = hash('sha256', generate_random_string(128)); db_insert('reset_password', array('added' => time(), 'user_id' => $user['id'], 'ip' => get_ip(true), 'auth_key' => $auth_key)); $email_subject = 'Password recovery for team ' . htmlspecialchars($user['team_name']); // body $email_body = htmlspecialchars($user['team_name']) . ', please follow the link below to reset your password:'******'reset_password?action=choose_password&auth_key=' . $auth_key . '&id=' . $user['id'] . "\r\n" . "\r\n" . 'Regards,' . "\r\n" . CONFIG_SITE_NAME; // send details to user send_email(array($user['email']), $email_subject, $email_body); } message_generic('Success', 'If the email you provided was found in the database, an email has now been sent to it with further instructions!'); } else { if ($_POST['action'] == 'choose_password' && is_valid_id($auth['user_id'])) { $new_password = $_POST[md5(CONFIG_SITE_NAME . 'PWD')]; if (empty($new_password)) { message_error('You can\'t have an empty password'); } $new_passhash = make_passhash($new_password); db_update('users', array('passhash' => $new_passhash), array('id' => $auth['user_id'])); db_delete('reset_password', array('user_id' => $auth['user_id'])); message_generic('Success', 'Your password has been reset.'); } } }
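/**
 * Register a new account and send the localised signup email.
 *
 * Every validation failure is reported through message_error(); the guards
 * below assume that call renders the error and stops, nothing here relies on
 * its return value.
 *
 * @param string     $email     Address to register; checked by validate_email() and allowed_email().
 * @param string     $password  Plaintext password; only make_passhash($password) is stored, but see
 *                              CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP below.
 * @param string     $team_name Bounded by CONFIG_MIN_TEAM_NAME_LENGTH / CONFIG_MAX_TEAM_NAME_LENGTH (byte length).
 * @param int|string $country   Country id; must be a valid id no greater than the number of country rows.
 * @param int|null   $type      Optional team type id; null stores user_type 0.
 *
 * @return bool true when the row was inserted and accounts are enabled by default;
 *              false when db_insert() reported no row. When accounts are not enabled
 *              by default, message_generic() is shown instead of returning true.
 */
function register_account($email, $password, $team_name, $country, $type = null)
{
    if (!CONFIG_ACCOUNTS_SIGNUP_ALLOWED) {
        message_error(lang_get('registration_closed'));
    }
    // Reject only missing or empty fields. empty() would also reject the
    // legitimate string "0" (e.g. as a password).
    $required = array($email, $password, $team_name);
    if (in_array(null, $required, true) || in_array('', $required, true)) {
        message_error(lang_get('please_fill_details_correctly'));
    }
    if (isset($type) && !is_valid_id($type)) {
        message_error(lang_get('invalid_team_type'));
    }
    // strlen() counts bytes, so multibyte names reach the upper bound sooner;
    // kept byte-wise to match how the limits are used elsewhere.
    $name_length = strlen($team_name);
    if ($name_length > CONFIG_MAX_TEAM_NAME_LENGTH || $name_length < CONFIG_MIN_TEAM_NAME_LENGTH) {
        // Translated like every other message in this function; the raw key
        // 'team_name_too_long_or_short' used to be shown to the user.
        message_error(lang_get('team_name_too_long_or_short'));
    }
    validate_email($email);
    if (!allowed_email($email)) {
        message_error(lang_get('email_not_whitelisted'));
    }
    // The row count is used as the upper bound for the id, which presumes
    // contiguous ids starting at 1 — NOTE(review): confirm against the schema.
    $num_countries = db_select_one('countries', array('COUNT(*) AS num'));
    if (!isset($country) || !is_valid_id($country) || $country > $num_countries['num']) {
        message_error(lang_get('please_supply_country_code'));
    }
    // Uniqueness check on either column. !empty() gives the same branch result
    // as a plain truthiness test but tolerates a "no row" result without an
    // undefined-offset notice.
    $user = db_select_one('users', array('id'), array('team_name' => $team_name, 'email' => $email), null, 'OR');
    if (!empty($user['id'])) {
        message_error(lang_get('user_already_exists'));
    }
    $user_id = db_insert('users', array(
        'email' => $email,
        // only the hash is persisted
        'passhash' => make_passhash($password),
        'team_name' => $team_name,
        'added' => time(),
        'enabled' => CONFIG_ACCOUNTS_DEFAULT_ENABLED ? '1' : '0',
        'user_type' => isset($type) ? $type : 0,
        'country_id' => $country,
    ));
    // db_insert() returns a falsy value when no row was inserted
    if ($user_id) {
        // record the signup IP against the new account
        log_user_ip($user_id);
        $email_subject = lang_get('signup_email_subject', array('site_name' => CONFIG_SITE_NAME));
        // which "you can log in ..." line the user gets depends on whether the account is live now
        $availability = CONFIG_ACCOUNTS_DEFAULT_ENABLED
            ? lang_get('signup_email_account_availability_message_login_now')
            : lang_get('signup_email_account_availability_message_login_later');
        // With CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP set, the plaintext password is
        // placed into the outbound email; that exposure is a deployment decision.
        $password_line = CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP
            ? lang_get('your_password_is') . ': ' . $password
            : lang_get('your_password_was_set');
        $email_body = lang_get('signup_email_success', array(
            'team_name' => htmlspecialchars($team_name),
            'site_name' => CONFIG_SITE_NAME,
            'signup_email_availability' => $availability,
            'signup_email_password' => $password_line,
        ));
        send_email(array($email), $email_subject, $email_body);
        if (!CONFIG_ACCOUNTS_DEFAULT_ENABLED) {
            // account is not usable yet: tell the user and stop here
            message_generic(lang_get('signup_successful'), lang_get('signup_successful_text', array('email' => htmlspecialchars($email))));
        } else {
            return true;
        }
    }
    // no rows were inserted (or message_generic() returned)
    return false;
}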
die; } $select = mysql_query('SELECT id, editsecret FROM users WHERE id = ' . sqlesc($id)) or sqlerr(__FILE__, __LINE__); $fetch = mysql_fetch_assoc($select) or stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error8']}"); if (empty($newpass)) { stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error9']}"); } if ($newpass != $newpassagain) { stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error10']}"); } if (strlen($newpass) < 6) { stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error11']}"); } if (strlen($newpass) > 40) { stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error12']}"); } $secret = mksecret(); $newpassword = make_passhash($secret, md5($newpass)); mysql_query('UPDATE users SET secret = ' . sqlesc($secret) . ', editsecret = "", passhash=' . sqlesc($newpassword) . ' WHERE id = ' . sqlesc($id) . ' AND editsecret = ' . sqlesc($fetch["editsecret"])); if (!mysql_affected_rows()) { stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error13']}"); } else { stderr("{$lang['stderr_successhead']}", "{$lang['stderr_error14']} <a href='{$TBDEV['baseurl']}/login.php' class='altlink'><b>{$lang['stderr_error15']}</b></a> {$lang['stderr_error16']}", FALSE); } } else { if (isset($_SESSION['captcha_time'])) { time() - $_SESSION['captcha_time'] < 10 ? exit($lang['captcha_spam']) : NULL; } $HTMLOUT .= "<script type='text/javascript' src='scripts/jquery.js'></script>\r\n <script type='text/javascript' src='scripts/jquery.simpleCaptcha-0.2.js'></script>\r\n <script type='text/javascript'>\r\n\t \$(document).ready(function () {\r\n\t \$('#captchalogin').simpleCaptcha();\r\n });\r\n </script>\r\n<p>{$lang['main_body']}</p>\r\n<br />\r\n<form method='post' action='" . $_SERVER['PHP_SELF'] . 
"?step=1'>\r\n<table border='1' cellspacing='0' cellpadding='10'>\r\n<tr>\r\n<td class='rowhead'>{$lang['main_email_add']}</td><td><input type='text' size='40' name='email' /></td></tr>\r\n<tr>\r\n<td class='rowhead' colspan='2' id='captchalogin'></td>\r\n</tr>\r\n<tr><td colspan='2' align='center'><input type='submit' value='{$lang['main_recover']}' style='height: 25px' /></td></tr></table>\r\n</form>"; print stdhead('Reset Lost Password') . $HTMLOUT . stdfoot(); }
header("Location: {$TBDEV['baseurl']}/index.php"); } if ($_SERVER["REQUEST_METHOD"] == "POST") { if ($_POST["username"] == "" || $_POST["password"] == "" || $_POST["email"] == "") { stderr("{$lang['stderr_error']}", "{$lang['text_missing']}"); } if ($_POST["password"] != $_POST["password2"]) { stderr("{$lang['stderr_error']}", "{$lang['text_passwd']}"); } if (!validemail($_POST['email'])) { stderr("{$lang['stderr_error']}", "{$lang['text_email']}"); } $username = sqlesc($_POST["username"]); $password = $_POST["password"]; $email = sqlesc($_POST["email"]); $secret = mksecret(); $passhash = sqlesc(make_passhash($secret, md5($password))); $secret = sqlesc($secret); $time_now = time(); @mysql_query("INSERT INTO users (added, last_access, secret, username, passhash, status, email) VALUES({$time_now}, {$time_now}, {$secret}, {$username}, {$passhash}, 'confirmed', {$email})") or sqlerr(__FILE__, __LINE__); $res = @mysql_query("SELECT id FROM users WHERE username={$username}"); $arr = mysql_fetch_row($res); if (!$arr) { stderr("{$lang['stderr_error']}", "{$lang['text_username']}"); } header("Location: {$TBDEV['baseurl']}/userdetails.php?id={$arr['0']}"); die; } $HTMLOUT = ''; $HTMLOUT .= "<h1>{$lang['text_adduser']}</h1>\r\n <br />\r\n <form method='post' action='admin.php?action=adduser'>\r\n <table border='1' cellspacing='0' cellpadding='5'>\r\n <tr><td class='rowhead'>{$lang['table_username']}</td><td><input type='text' name='username' size='40' /></td></tr>\r\n <tr><td class='rowhead'>{$lang['table_password']}</td><td><input type='password' name='password' size='40' /></td></tr>\r\n <tr><td class='rowhead'>{$lang['table_repasswd']}</td><td><input type='password' name='password2' size='40' /></td></tr>\r\n <tr><td class='rowhead'>{$lang['table_email']}</td><td><input type='text' name='email' size='40' /></td></tr>\r\n <tr><td colspan='2' align='center'><input type='submit' value='{$lang['btn_okay']}' class='btn' /></td></tr>\r\n </table>\r\n </form>"; print 
stdhead("{$lang['stdhead_adduser']}") . $HTMLOUT . stdfoot();
db_update('users', array('2fa_status' => 'enabled'), array('id' => $_SESSION['id'])); redirect('profile?generic_success=1'); } else { if ($_POST['action'] == '2fa_disable') { db_update('users', array('2fa_status' => 'disabled'), array('id' => $_SESSION['id'])); db_delete('two_factor_auth', array('user_id' => $_SESSION['id'])); redirect('profile?generic_success=1'); } else { if ($_POST['action'] == 'reset_password') { $user = db_select_one('users', array('passhash'), array('id' => $_SESSION['id'])); if (!check_passhash($_POST['current_password'], $user['passhash'])) { message_error('Current password was incorrect.'); } if (!strlen($_POST['new_password'])) { message_error('Password cannot be empty.'); } if ($_POST['new_password'] != $_POST['new_password_again']) { message_error('Passwords did not match.'); } $new_passhash = make_passhash($_POST['new_password']); $password_set = db_update('users', array('passhash' => $new_passhash), array('id' => $_SESSION['id'])); if (!$password_set) { message_error('Password not set.'); } redirect('profile?generic_success=1'); } } } } } }
<?php require '../../../include/mellivora.inc.php'; enforce_authentication(CONFIG_UC_MODERATOR); enforce_instance_auth(); if ($_SERVER['REQUEST_METHOD'] == 'POST') { validate_xsrf_token($_POST['xsrf_token']); if ($_POST['action'] == 'new') { $user_id = db_insert('users', array('email' => $_POST['email'], 'passhash' => make_passhash($_POST['password']), 'team_name' => $_POST['team_name'], 'added' => time(), 'enabled' => CONFIG_ACCOUNTS_DEFAULT_ENABLED ? '1' : '0', 'user_type' => isset($type) ? $type : 0, 'country_id' => '200', 'class' => '1', 'competing' => '0')); $instanceID = db_insert('instances', array('name' => $_POST['name'], 'instanceURI' => $_POST['uri'], 'authoratativeAccountID' => $user_id)); if ($_POST['import_sample_challenge_set'] == true) { // db_insert_manual('insert into categories (instanceID,added, added_by, title, description, available_from, available_until) select '.$instanceID.' as instanceID,added, added_by, title,description, available_from, available_until from categories where instanceID = 0'); // $types = db_query_fetch_all('SELECT * FROM categories WHERE instanceID =\''.$instanceID.'\' ORDER BY instanceID ASC'); // // foreach($types as $type){ // question_replication($type['title'],$type['id']); // } // Get all categories from base instance. $baseInstanceCategories = db_query_fetch_all('SELECT * FROM categories WHERE instanceID = 0'); foreach ($baseInstanceCategories as $baseCategory) { $baseChallenges = db_query_fetch_all('SELECT * FROM challenges WHERE category =' . 
$baseCategory['id']); // create new category and retrive autoincremented ID $categoryID = db_insert('categories', array('added' => time(), 'added_by' => $_SESSION['id'], 'title' => $baseCategory['title'], 'instanceID' => $instanceID, 'description' => $baseCategory['description'], 'available_from' => strtotime('2015-02-03 21:17:57'), 'available_until' => strtotime('2099-02-03 21:17:57'))); // loop through each challenge foreach ($baseChallenges as $baseChallenge) { $challengeID = db_insert('challenges', array('added' => time(), 'added_by' => $_SESSION['id'], 'title' => $baseChallenge['title'], 'description' => $baseChallenge['description'], 'flag' => $baseChallenge['flag'], 'automark' => $baseChallenge['automark'], 'case_insensitive' => $baseChallenge['case_insensitive'], 'points' => $baseChallenge['points'], 'category' => $categoryID, 'num_attempts_allowed' => $baseChallenge['num_attempts_allowed'], 'min_seconds_between_submissions' => $baseChallenge['min_seconds_between_submissions'], 'available_from' => strtotime('2015-02-03 21:17:57'), 'available_until' => strtotime('2099-02-03 21:17:57'), 'instanceID' => $instanceID, 'cloneOf' => $baseChallenge['id'])); $challengeHints = db_query_fetch_all('SELECT * FROM hints WHERE challenge =' . $baseChallenge['id']); foreach ($challengeHints as $hint) { $id = db_insert('hints', array('added' => time(), 'added_by' => $_SESSION['id'], 'challenge' => $challengeID, 'visible' => $hint['visible'], 'body' => $hint['body'], 'instanceID' => $instanceID, 'value' => $hint["value"])); } }
} elseif ($_GET) { $id = 0 + $_GET["id"]; $md5 = $_GET["secret"]; if (!$id) { die; } $res = sql_query("SELECT username, email, passhash, editsecret FROM users WHERE id = " . sqlesc($id)); $arr = mysqli_fetch_assoc($res); $email = $arr["email"]; $sec = $arr['editsecret']; if ($md5 != md5($sec . $email . $arr["passhash"] . $sec)) { die; } $newpassword = make_password(); $sec = mksecret(); $newpasshash = make_passhash($sec, md5($newpassword)); sql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . " WHERE id=" . sqlesc($id) . " AND editsecret=" . sqlesc($arr["editsecret"])) or sqlerr(__FILE__, __LINE__); $mc1->begin_transaction('MyUser_' . $id); $mc1->update_row(false, array('secret' => $sec, 'editsecret' => '', 'passhash' => $newpasshash)); $mc1->commit_transaction($INSTALLER09['expires']['curuser']); $mc1->begin_transaction('user' . $id); $mc1->update_row(false, array('secret' => $secret, 'editsecret' => '', 'passhash' => $newpasshash)); $mc1->commit_transaction($INSTALLER09['expires']['user_cache']); if (!mysqli_affected_rows($GLOBALS["___mysqli_ston"])) { stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_noupdate']}"); } $body = sprintf($lang['email_newpass'], $arr["username"], $newpassword, $INSTALLER09['baseurl']) . $INSTALLER09['site_name']; @mail($email, "{$INSTALLER09['site_name']} {$lang['email_subject']}", $body, "From: {$INSTALLER09['site_email']}") or stderr($lang['stderr_errorhead'], $lang['stderr_nomail']); stderr($lang['stderr_successhead'], sprintf($lang['stderr_mailed'], $email)); } else { $HTMLOUT = '';
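/**
 * Register a new account and send the (English-only) signup email.
 *
 * Every validation failure is reported through message_error(); the guards
 * below assume that call renders the error and stops, nothing here relies on
 * its return value.
 *
 * @param string     $email     Address to register; checked by validate_email() and allowed_email().
 * @param string     $password  Plaintext password; only make_passhash($password) is stored, but see
 *                              CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP below.
 * @param string     $team_name Bounded by CONFIG_MIN_TEAM_NAME_LENGTH / CONFIG_MAX_TEAM_NAME_LENGTH (byte length).
 * @param int|string $country   Country id; must be a valid id no greater than the number of country rows.
 * @param int|null   $type      Optional team type id; null stores user_type 0.
 *
 * @return bool true when the row was inserted and accounts are enabled by default;
 *              false when db_insert() reported no row. When accounts are not enabled
 *              by default, message_generic() is shown instead of returning true.
 */
function register_account($email, $password, $team_name, $country, $type = null)
{
    if (!CONFIG_ACCOUNTS_SIGNUP_ALLOWED) {
        message_error('Registration is currently closed.');
    }
    // Reject only missing or empty fields. empty() would also reject the
    // legitimate string "0" (e.g. as a password).
    $required = array($email, $password, $team_name);
    if (in_array(null, $required, true) || in_array('', $required, true)) {
        message_error('Please fill in all the details correctly.');
    }
    if (isset($type) && !is_valid_id($type)) {
        message_error('That does not look like a valid team type.');
    }
    // strlen() counts bytes, so multibyte names reach the upper bound sooner;
    // kept byte-wise to match how the limits are used elsewhere.
    $name_length = strlen($team_name);
    if ($name_length > CONFIG_MAX_TEAM_NAME_LENGTH || $name_length < CONFIG_MIN_TEAM_NAME_LENGTH) {
        message_error('Your team name was too long or too short.');
    }
    validate_email($email);
    if (!allowed_email($email)) {
        message_error('Email not on whitelist. Please choose a whitelisted email or contact organizers.');
    }
    // The row count is used as the upper bound for the id, which presumes
    // contiguous ids starting at 1 — NOTE(review): confirm against the schema.
    $num_countries = db_select_one('countries', array('COUNT(*) AS num'));
    if (!isset($country) || !is_valid_id($country) || $country > $num_countries['num']) {
        message_error('Please select a valid country.');
    }
    // Uniqueness check on either column. !empty() gives the same branch result
    // as a plain truthiness test but tolerates a "no row" result without an
    // undefined-offset notice.
    $user = db_select_one('users', array('id'), array('team_name' => $team_name, 'email' => $email), null, 'OR');
    if (!empty($user['id'])) {
        message_error('An account with this team name or email already exists.');
    }
    $user_id = db_insert('users', array(
        'email' => $email,
        // only the hash is persisted
        'passhash' => make_passhash($password),
        'team_name' => $team_name,
        'added' => time(),
        'enabled' => CONFIG_ACCOUNTS_DEFAULT_ENABLED ? '1' : '0',
        'user_type' => isset($type) ? $type : 0,
        'country_id' => $country,
    ));
    // db_insert() returns a falsy value when no row was inserted
    if ($user_id) {
        // record the signup IP against the new account
        log_user_ip($user_id);
        $email_subject = CONFIG_SITE_NAME . ' account details';
        // which "you can log in ..." line the user gets depends on whether the account is live now
        $availability = CONFIG_ACCOUNTS_DEFAULT_ENABLED
            ? 'You can now log in using your email and chosen password.'
            : 'Once the competition starts, please use this email address to log in.';
        $lines = array(
            htmlspecialchars($team_name) . ', your registration at ' . CONFIG_SITE_NAME . ' was successful.',
            '',
            $availability,
        );
        // With CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP set, the plaintext password is
        // placed into the outbound email; that exposure is a deployment decision.
        if (CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP) {
            $lines[] = 'Your password is: ' . $password;
        }
        $lines[] = '';
        $lines[] = 'Please stay tuned for updates!';
        $lines[] = '';
        $lines[] = 'Regards,';
        $lines[] = CONFIG_SITE_NAME;
        // every line except the signature ends in CRLF, as in the original concatenation
        $email_body = implode("\r\n", $lines);
        send_email(array($email), $email_subject, $email_body);
        if (!CONFIG_ACCOUNTS_DEFAULT_ENABLED) {
            // account is not usable yet: tell the user and stop here
            message_generic('Signup successful', 'Thank you for registering! Your chosen email is: ' . htmlspecialchars($email) . '. Make sure to check your spam folder as emails from us may be placed into it. Please stay tuned for updates!');
        } else {
            return true;
        }
    }
    // no rows were inserted (or message_generic() returned)
    return false;
}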