Ejemplo n.º 1
    }
    return 'DELETE ' . implode(', ', $tables) . " FROM " . implode(' ', $joins) . " WHERE t1.id='{$userid}' AND t1.class < '{$maxclass}';";
}
//==
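if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Self-service account deletion: the caller must re-prove the password
    // before the user row (and whatever account_delete() joins in) is removed.
    // stderr() is relied on to terminate the request — TODO confirm; nothing
    // below guards against it returning.
    $username = trim(htmlsafechars($_POST["username"]));
    // The password is passed through htmlsafechars()/trim() before hashing;
    // this matches how the stored hash was produced, so it must stay as is.
    $password = trim(htmlsafechars($_POST["password"]));
    if (!$username || !$password) {
        stderr("{$lang['text_error']}", "{$lang['text_please']}");
    }
    $res = sql_query("SELECT id, secret, passhash FROM users WHERE username="******"") or sqlerr(__FILE__, __LINE__);
    if (mysqli_num_rows($res) != 1) {
        stderr("{$lang['text_error']}", "{$lang['text_bad']}");
    }
    $arr = mysqli_fetch_assoc($res);
    $wantpasshash = make_passhash($arr['secret'], md5($password));
    // hash_equals(): strict, constant-time comparison. The loose `!=` it replaces
    // treated two numeric-looking digests ("0e123..." style) as equal.
    if (!hash_equals((string) $arr['passhash'], (string) $wantpasshash)) {
        stderr("{$lang['text_error']}", "{$lang['text_bad']}");
    }
    $userid = (int) $arr['id'];
    $res = sql_query(account_delete($userid)) or sqlerr(__FILE__, __LINE__);
    //$res = sql_query("DELETE FROM users WHERE id=" . sqlesc($userid)) or sqlerr(__FILE__, __LINE__);
    // mysqli_affected_rows() never returns false, so the previous `!== false` test
    // made the failure branch unreachable; require at least one deleted row instead.
    if (mysqli_affected_rows($GLOBALS["___mysqli_ston"]) > 0) {
        // Drop both cache entries so a stale copy of the account cannot be served.
        $mc1->delete_value('MyUser_' . $userid);
        $mc1->delete_value('user' . $userid);
        write_log("User: {$username} Was deleted by {$CURUSER['username']}");
        stderr("{$lang['stderr_success']}", "{$lang['text_success']}");
    } else {
        stderr($lang['text_error'], $lang['text_unable']);
    }
}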
Ejemplo n.º 2
 }
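 // Promo-link registration: the e-mail is the last field validated before the
 // account row is created. $username, $password and $ar_check are set earlier in the file.
 $email = isset($_POST["mail"]) ? htmlsafechars($_POST["mail"]) : "";
 if (empty($email)) {
     stderr("Error", "No email adress, you forgot about that?");
 }
 if (!validemail($email)) {
     stderr("Error", "That dosen't look like an email adress");
 }
 check_banned_emails($email);
 //==Check if username or email already exists
 $var_check = sql_query("SELECT id, editsecret FROM users where username="******" OR email=" . sqlesc($email)) or sqlerr(__FILE__, __LINE__);
 // One row matches when either value is taken, two rows when username and e-mail
 // belong to different accounts; the previous `== 1` let the second case reach the INSERT.
 if (mysqli_num_rows($var_check) > 0) {
     stderr("Error", "Username or email already exists");
 }
 $secret = mksecret();
 // Site-wide scheme: make_passhash() over md5() of the password together with $secret.
 $passhash = make_passhash($secret, md5($password));
 //$editsecret = make_passhash_login_key();
 // The confirmation key is only issued when e-mail confirmation is switched on.
 $editsecret = EMAIL_CONFIRM ? make_passhash_login_key() : "";
 $res = sql_query("INSERT INTO users(username, passhash, secret, editsecret, email, added, uploaded, invites, seedbonus) VALUES (" . implode(",", array_map("sqlesc", array($username, $passhash, $secret, $editsecret, $email, TIME_NOW, $ar_check["bonus_upload"] * 1073741824, $ar_check["bonus_invites"], $ar_check["bonus_karma"]))) . ") ") or sqlerr(__FILE__, __LINE__);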
 if ($res) {
     //==Updating promo table
     $userid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
     $users = empty($ar_check["users"]) ? $userid : $ar_check["users"] . "," . $userid;
     sql_query("update promo set accounts_made=accounts_made+1 , users=" . sqlesc($users) . " WHERE id=" . sqlesc($ar_check["id"])) or sqlerr(__FILE__, __LINE__);
     //==Email part :)
     $sec = $editsecret;
     $subject = $INSTALLER09['site_name'] . " user registration confirmation";
     $message = "Hi!\n\t\t\t\t\t\tYou used the link from promo " . htmlsafechars($ar_check["name"]) . " and registred a new account at {$INSTALLER09['site_name']}\n\t\t\t\t\t\t\t\n\t\t\t\t\t\tTo confirm your account click the link below\n\t\t\t\t\t\t{$INSTALLER09['baseurl']}/confirm.php?id=" . (int) $userid . "&secret={$sec}\n\n\t\t\t\t\t\tWelcome and enjoy your stay \n\t\t\t\t\t\tStaff at {$INSTALLER09['site_name']}";
     $headers = 'From: ' . $INSTALLER09['site_email'] . "\r\n" . 'Reply-To:' . $INSTALLER09['site_email'] . "\r\n" . 'X-Mailer: PHP/' . phpversion();
     $mail = @mail($email, $subject, $message, $headers);
     stderr("Success!", "Account was created! and an email was sent to <b>" . htmlsafechars($email) . "</b>, you can use your account once you confirm the email!");
Ejemplo n.º 3
}
// Bootstrap for the admin "add user" page: load the user/password helpers and
// the class check before anything else runs.
require_once INCL_DIR . 'user_functions.php';
require_once INCL_DIR . 'password_functions.php';
require_once CLASS_DIR . 'class_check.php';
// Restrict the page to administrators (class_check() is expected to stop lower classes — verify).
class_check(UC_ADMINISTRATOR);
// Page-specific strings are merged over the already loaded $lang table (later keys win).
$lang = array_merge($lang, load_language('ad_adduser'));
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $insert = array('username' => '', 'email' => '', 'secret' => '', 'passhash' => '', 'status' => 'confirmed', 'added' => TIME_NOW, 'last_access' => TIME_NOW);
    if (isset($_POST['username']) && strlen($_POST['username']) >= 5) {
        $insert['username'] = $_POST['username'];
    } else {
        stderr($lang['std_err'], $lang['err_username']);
    }
    if (isset($_POST['password']) && isset($_POST['password2']) && strlen($_POST['password']) > 6 && $_POST['password'] == $_POST['password2']) {
        $insert['secret'] = mksecret();
        $insert['passhash'] = make_passhash($insert['secret'], md5($_POST['password']));
    } else {
        stderr($lang['std_err'], $lang['err_password']);
    }
    if (isset($_POST['email']) && validemail($_POST['email'])) {
        $insert['email'] = $_POST['email'];
    } else {
        stderr($lang['std_err'], $lang['err_email']);
    }
    if (sql_query(sprintf('INSERT INTO users (username, email, secret, passhash, status, added, last_access) VALUES (%s)', join(', ', array_map('sqlesc', $insert))))) {
        $user_id = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
        stderr($lang['std_success'], sprintf($lang['text_user_added'], $user_id));
    } else {
        if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 1062) {
            $res = sql_query(sprintf('SELECT id FROM users WHERE username = %s', sqlesc($insert['username']))) or sqlerr(__FILE__, __LINE__);
            if (mysqli_num_rows($res)) {
Ejemplo n.º 4
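if (!$row) {
    bark();
}
// Unknown username: count the attempt against the client IP and touch the
// per-IP marker file. This is only reached if bark() above returns — presumably
// it exits, which would make this block dead code; verify.
if (!$row) {
    $ip = sqlesc(getip());
    $added = sqlesc(time());
    $fail = @mysql_fetch_row(@sql_query("select count(*) from failedlogins where ip={$ip}")) or sqlerr(__FILE__, __LINE__);
    // COUNT(*) comes back as a string; compare it as an integer rather than with
    // loose `==`. A false $fail (query/fetch failed) is treated as "no row yet".
    if (!$fail || (int) $fail[0] === 0) {
        sql_query("INSERT INTO failedlogins (ip, added, attempts) VALUES ({$ip}, {$added}, 1)") or sqlerr(__FILE__, __LINE__);
    } else {
        sql_query("UPDATE failedlogins SET attempts = attempts + 1 where ip={$ip}") or sqlerr(__FILE__, __LINE__);
    }
    // Marker file named by the hash of the client address (the config key suggests
    // an external dictionary-attack breaker consumes it — not visible here).
    @fclose(@fopen($INSTALLER09['dictbreaker'] . '/' . sha1($_SERVER['REMOTE_ADDR']), 'w'));
    bark();
}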
if ($row['passhash'] != make_passhash($row['secret'], md5($password))) {
    $ip = sqlesc(getip());
    $added = sqlesc(time());
    $fail = @mysql_fetch_row(@sql_query("select count(*) from failedlogins where ip={$ip}")) or sqlerr(__FILE__, __LINE__);
    if ($fail[0] == 0) {
        sql_query("INSERT INTO failedlogins (ip, added, attempts) VALUES ({$ip}, {$added}, 1)") or sqlerr(__FILE__, __LINE__);
    } else {
        sql_query("UPDATE failedlogins SET attempts = attempts + 1 where ip={$ip}") or sqlerr(__FILE__, __LINE__);
    }
    @fclose(@fopen('' . $INSTALLER09['dictbreaker'] . '/' . sha1($_SERVER['REMOTE_ADDR']), 'w'));
    $to = $row["id"];
    $subject = "Failed login";
    $msg = "[color=red]Security alert[/color]\n Account: ID=" . $row['id'] . " Somebody (probably you, " . $username . " !) tried to login but failed!" . "\nTheir [b]Ip Address [/b] was : " . $ip . "\n If this wasn't you please report this event to a {$INSTALLER09['site_name']} staff member\n - Thank you.\n";
    $sql = "INSERT INTO messages (sender, receiver, msg, subject, added) VALUES('System', '{$to}', " . sqlesc($msg) . ", " . sqlesc($subject) . ", {$added});";
    $res = sql_query($sql) or sqlerr(__FILE__, __LINE__);
    stderr("Login failed !", "<b>Error</b>: Username or password entry incorrect <br />Have you forgotten your password? <a href='{$INSTALLER09['baseurl']}/resetpw.php'><b>Recover</b></a> your password !");
Ejemplo n.º 5
     }
     if ($chpassword != $passagain) {
         stderr("Error", $lang['takeeditcp_pass_not_match']);
     }
     $secret = mksecret();
     $passhash = make_passhash($secret, md5($chpassword));
     $updateset[] = "secret = " . sqlesc($secret);
     $updateset[] = "passhash = " . sqlesc($passhash);
     logincookie($CURUSER["id"], md5($passhash . $_SERVER["REMOTE_ADDR"]));
 }
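 if ($email != $CURUSER["email"]) {
     // Changing the e-mail address: the new address must be valid and unused, and
     // the current password must be re-entered ($chmailpass, read earlier in the file).
     if (!validemail($email)) {
         stderr("Error", $lang['takeeditcp_not_valid_email']);
     }
     $r = @sql_query("SELECT id FROM users WHERE email=" . sqlesc($email)) or sqlerr();
     // Strict `!==` instead of loose `!=`: numeric-looking digests would otherwise compare equal.
     $passwordOk = $CURUSER["passhash"] === make_passhash($CURUSER['secret'], md5($chmailpass));
     // "Address taken" and "wrong password" share one error message, apparently so
     // the form cannot be used to probe which addresses are registered.
     if (mysql_num_rows($r) > 0 || !$passwordOk) {
         stderr("Error", $lang['takeeditcp_address_taken']);
     }
     $changedemail = 1;
 }
 if ($secretanswer != '') {
     // Password-hint answer: 6..40 bytes (strlen counts bytes, not characters).
     if (strlen($secretanswer) > 40) {
         stderr("Sorry", "secret answer is too long (max is 40 chars)");
     }
     if (strlen($secretanswer) < 6) {
         stderr("Sorry", "secret answer is too sort (min is 6 chars)");
     }
     // Stored as an unsalted md5; presumably the hint-check code elsewhere expects
     // exactly this form, so it is left unchanged here.
     $new_secret_answer = md5($secretanswer);
     $updateset[] = "hintanswer = " . sqlesc($new_secret_answer);
 }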
 if (get_parked() == '1') {
Ejemplo n.º 6
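/**
 * Create a new team account from the public signup form.
 *
 * Every validation failure is reported through message_error(), which is
 * relied on to stop the request (verify — nothing below guards against it
 * returning). Returns true when the row was inserted and accounts are enabled
 * by default; when they are not, message_generic() reports success instead.
 * Returns false when db_insert() reported no new row.
 *
 * Note: `$type = null` sits before required parameters, so callers have to pass
 * it explicitly anyway (optional-before-required is deprecated as of PHP 8.0).
 * The signature is kept for call-site compatibility.
 */
function register_account($email, $password, $team_name, $country, $type = null, $phoneNo, $age, $eduI, $eduLevel, $fullName, $instanceID)
{
    if (!CONFIG_ACCOUNTS_SIGNUP_ALLOWED) {
        message_error('Registration is currently closed.');
    }
    // empty() also rejects the string "0" for any of the three fields.
    if (empty($email) || empty($password) || empty($team_name)) {
        message_error('Please fill in all the details correctly.');
    }
    if (isset($type) && !is_valid_id($type)) {
        message_error('That does not look like a valid team type.');
    }
    // Length limits are enforced in bytes (strlen), so multibyte names count more.
    if (strlen($team_name) > CONFIG_MAX_TEAM_NAME_LENGTH || strlen($team_name) < CONFIG_MIN_TEAM_NAME_LENGTH) {
        message_error('Your team name was too long or too short.');
    }
    validate_email($email);
    if (!allowed_email($email)) {
        message_error('Email not on whitelist. Please choose a whitelisted email or contact organizers.');
    }
    $num_countries = db_select_one('countries', array('COUNT(*) AS num'));
    if (!isset($country) || !is_valid_id($country) || $country > $num_countries['num']) {
        message_error('Please select a valid country.');
    }
    // db_select_one() may return no row; guard the offset read instead of
    // indexing into a null/false result.
    $user = db_select_one('users', array('id'), array('team_name' => $team_name, 'email' => $email), null, 'OR');
    if (!empty($user['id'])) {
        message_error('An account with this team name or email already exists.');
    }
    $user_id = db_insert('users', array('email' => $email, 'passhash' => make_passhash($password), 'team_name' => $team_name, 'added' => time(), 'enabled' => CONFIG_ACCOUNTS_DEFAULT_ENABLED ? '1' : '0', 'user_type' => isset($type) ? $type : 0, 'country_id' => $country, 'DOB' => $age, 'mobileNo' => $phoneNo, 'eduInstitution' => $eduI, 'eduLevel' => $eduLevel, 'fullName' => $fullName, 'instanceID' => $instanceID));
    // insertion was successful
    if ($user_id) {
        // log signup IP
        log_user_ip($user_id);
        // if account isn't enabled by default, display message and die
        if (!CONFIG_ACCOUNTS_DEFAULT_ENABLED) {
            message_generic('Signup successful', 'Thank you for registering!
            Your chosen email is: ' . htmlspecialchars($email) . '.
            Make sure to check your spam folder as emails from us may be placed into it.
            Please stay tuned for updates!');
        } else {
            return true;
        }
    }
    // no rows were inserted
    return false;
}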
Ejemplo n.º 7
        }
    }
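    // stage 1, part 2: request a reset link (no account disclosure), or
    // stage 2: set the new password once the auth_key was resolved into $auth
    // (populated earlier in the file; its validation is not visible here).
    if ($_POST['action'] == 'reset_password') {
        if (CONFIG_RECAPTCHA_ENABLE_PUBLIC) {
            validate_captcha();
        }
        $user = db_select_one('users', array('id', 'team_name', 'email'), array('email' => $_POST[md5(CONFIG_SITE_NAME . 'EMAIL')]));
        // Guard the offset read: db_select_one() may return no row.
        if (!empty($user['id'])) {
            // 256-bit token (sha256 hex of random input), stored server-side and mailed out.
            $auth_key = hash('sha256', generate_random_string(128));
            db_insert('reset_password', array('added' => time(), 'user_id' => $user['id'], 'ip' => get_ip(true), 'auth_key' => $auth_key));
            $email_subject = 'Password recovery for team ' . htmlspecialchars($user['team_name']);
            // body
            $email_body = htmlspecialchars($user['team_name']) . ', please follow the link below to reset your password:'******'reset_password?action=choose_password&auth_key=' . $auth_key . '&id=' . $user['id'] . "\r\n" . "\r\n" . 'Regards,' . "\r\n" . CONFIG_SITE_NAME;
            // send details to user
            send_email(array($user['email']), $email_subject, $email_body);
        }
        // Same response whether or not the address exists.
        message_generic('Success', 'If the email you provided was found in the database, an email has now been sent to it with further instructions!');
    } elseif ($_POST['action'] == 'choose_password' && isset($auth['user_id']) && is_valid_id($auth['user_id'])) {
        $new_password = $_POST[md5(CONFIG_SITE_NAME . 'PWD')];
        // empty() also rejects "0"; no other strength rule is applied here.
        if (empty($new_password)) {
            message_error('You can\'t have an empty password');
        }
        $new_passhash = make_passhash($new_password);
        db_update('users', array('passhash' => $new_passhash), array('id' => $auth['user_id']));
        // Every outstanding reset token for this user is dropped once one is used.
        db_delete('reset_password', array('user_id' => $auth['user_id']));
        message_generic('Success', 'Your password has been reset.');
    }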
}
Ejemplo n.º 8
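/**
 * Create a new team account from the public signup form (localised variant).
 *
 * Every validation failure is reported through message_error(), which is
 * relied on to stop the request (verify — nothing below guards against it
 * returning). Returns true when the row was inserted and accounts are enabled
 * by default; when they are not, message_generic() reports success instead.
 * Returns false when db_insert() reported no new row.
 */
function register_account($email, $password, $team_name, $country, $type = null)
{
    if (!CONFIG_ACCOUNTS_SIGNUP_ALLOWED) {
        message_error(lang_get('registration_closed'));
    }
    // empty() also rejects the string "0" for any of the three fields.
    if (empty($email) || empty($password) || empty($team_name)) {
        message_error(lang_get('please_fill_details_correctly'));
    }
    if (isset($type) && !is_valid_id($type)) {
        message_error(lang_get('invalid_team_type'));
    }
    // Length limits are enforced in bytes (strlen), so multibyte names count more.
    if (strlen($team_name) > CONFIG_MAX_TEAM_NAME_LENGTH || strlen($team_name) < CONFIG_MIN_TEAM_NAME_LENGTH) {
        // Was a bare key; every other message in this function goes through lang_get().
        message_error(lang_get('team_name_too_long_or_short'));
    }
    validate_email($email);
    if (!allowed_email($email)) {
        message_error(lang_get('email_not_whitelisted'));
    }
    $num_countries = db_select_one('countries', array('COUNT(*) AS num'));
    if (!isset($country) || !is_valid_id($country) || $country > $num_countries['num']) {
        message_error(lang_get('please_supply_country_code'));
    }
    // db_select_one() may return no row; guard the offset read instead of
    // indexing into a null/false result.
    $user = db_select_one('users', array('id'), array('team_name' => $team_name, 'email' => $email), null, 'OR');
    if (!empty($user['id'])) {
        message_error(lang_get('user_already_exists'));
    }
    $user_id = db_insert('users', array('email' => $email, 'passhash' => make_passhash($password), 'team_name' => $team_name, 'added' => time(), 'enabled' => CONFIG_ACCOUNTS_DEFAULT_ENABLED ? '1' : '0', 'user_type' => isset($type) ? $type : 0, 'country_id' => $country));
    // insertion was successful
    if ($user_id) {
        // log signup IP
        log_user_ip($user_id);
        // signup email
        $email_subject = lang_get('signup_email_subject', array('site_name' => CONFIG_SITE_NAME));
        // body. With CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP the clear-text password
        // is put in the mail; that is a deployment setting this function honours as configured.
        $email_body = lang_get('signup_email_success', array('team_name' => htmlspecialchars($team_name), 'site_name' => CONFIG_SITE_NAME, 'signup_email_availability' => CONFIG_ACCOUNTS_DEFAULT_ENABLED ? lang_get('signup_email_account_availability_message_login_now') : lang_get('signup_email_account_availability_message_login_later'), 'signup_email_password' => CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP ? lang_get('your_password_is') . ': ' . $password : lang_get('your_password_was_set')));
        // send details to user
        send_email(array($email), $email_subject, $email_body);
        // if account isn't enabled by default, display message and die
        if (!CONFIG_ACCOUNTS_DEFAULT_ENABLED) {
            message_generic(lang_get('signup_successful'), lang_get('signup_successful_text', array('email' => htmlspecialchars($email))));
        } else {
            return true;
        }
    }
    // no rows were inserted
    return false;
}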
Ejemplo n.º 9
        die;
    }
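    // Reset step 2: $id, $newpass and $newpassagain were read earlier in the file.
    $select = mysql_query('SELECT id, editsecret FROM users WHERE id = ' . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
    $fetch = mysql_fetch_assoc($select) or stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error8']}");
    if (empty($newpass)) {
        stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error9']}");
    }
    // Strict `!==`: loose `!=` treats numeric-looking strings such as "1e3" and "1000" as equal.
    if ($newpass !== $newpassagain) {
        stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error10']}");
    }
    // Length limits are enforced in bytes (strlen).
    if (strlen($newpass) < 6) {
        stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error11']}");
    }
    if (strlen($newpass) > 40) {
        stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error12']}");
    }
    $secret = mksecret();
    // Site-wide scheme: make_passhash() over md5() of the password together with $secret.
    $newpassword = make_passhash($secret, md5($newpass));
    // The WHERE re-checks editsecret against the value just read and the SET clears
    // it, so the same reset link cannot be replayed. The `or sqlerr()` matches the
    // other queries in this file; previously a failed UPDATE fell through silently.
    mysql_query('UPDATE users SET secret = ' . sqlesc($secret) . ', editsecret = "", passhash=' . sqlesc($newpassword) . ' WHERE id = ' . sqlesc($id) . ' AND editsecret = ' . sqlesc($fetch["editsecret"])) or sqlerr(__FILE__, __LINE__);
    // No matched row (e.g. editsecret changed in between) is reported as an error.
    if (!mysql_affected_rows()) {
        stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error13']}");
    } else {
        stderr("{$lang['stderr_successhead']}", "{$lang['stderr_error14']} <a href='{$TBDEV['baseurl']}/login.php' class='altlink'><b>{$lang['stderr_error15']}</b></a> {$lang['stderr_error16']}", FALSE);
    }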
} else {
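    // Reset step 1 form. Refuse to re-render within 10 s of the recorded captcha time.
    if (isset($_SESSION['captcha_time'])) {
        if (time() - $_SESSION['captcha_time'] < 10) {
            exit($lang['captcha_spam']);
        }
    }
    // PHP_SELF echoes whatever path the client requested (including extra path
    // segments), so it is HTML-escaped before going into the action attribute.
    $formAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    $HTMLOUT .= "<script type='text/javascript' src='scripts/jquery.js'></script>\r\n    <script type='text/javascript' src='scripts/jquery.simpleCaptcha-0.2.js'></script>\r\n    <script type='text/javascript'>\r\n\t  \$(document).ready(function () {\r\n\t  \$('#captchalogin').simpleCaptcha();\r\n    });\r\n    </script>\r\n<p>{$lang['main_body']}</p>\r\n<br />\r\n<form method='post' action='" . $formAction . "?step=1'>\r\n<table border='1' cellspacing='0' cellpadding='10'>\r\n<tr>\r\n<td class='rowhead'>{$lang['main_email_add']}</td><td><input type='text' size='40' name='email' /></td></tr>\r\n<tr>\r\n<td class='rowhead' colspan='2' id='captchalogin'></td>\r\n</tr>\r\n<tr><td colspan='2' align='center'><input type='submit' value='{$lang['main_recover']}' style='height: 25px' /></td></tr></table>\r\n</form>";
    print stdhead('Reset Lost Password') . $HTMLOUT . stdfoot();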
}
Ejemplo n.º 10
    header("Location: {$TBDEV['baseurl']}/index.php");
}
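if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Admin "add user" form. Check the fields exist before comparing them, so a
    // request missing a field is rejected like a blank one instead of raising notices.
    if (!isset($_POST["username"], $_POST["password"], $_POST["password2"], $_POST["email"]) || $_POST["username"] == "" || $_POST["password"] == "" || $_POST["email"] == "") {
        stderr("{$lang['stderr_error']}", "{$lang['text_missing']}");
    }
    // Strict `!==`: loose `!=` treats numeric-looking strings such as "1e3" and "1000" as equal.
    if ($_POST["password"] !== $_POST["password2"]) {
        stderr("{$lang['stderr_error']}", "{$lang['text_passwd']}");
    }
    if (!validemail($_POST['email'])) {
        stderr("{$lang['stderr_error']}", "{$lang['text_email']}");
    }
    // sqlesc() is applied once here; the escaped values are interpolated below.
    $username = sqlesc($_POST["username"]);
    $password = $_POST["password"];
    $email = sqlesc($_POST["email"]);
    $secret = mksecret();
    // Site-wide scheme: make_passhash() over md5() of the password together with $secret.
    $passhash = sqlesc(make_passhash($secret, md5($password)));
    $secret = sqlesc($secret);
    $time_now = time();
    @mysql_query("INSERT INTO users (added, last_access, secret, username, passhash, status, email) VALUES({$time_now}, {$time_now}, {$secret}, {$username}, {$passhash}, 'confirmed', {$email})") or sqlerr(__FILE__, __LINE__);
    // The new id is looked up by name (kept from the original flow); a failed
    // query now goes to sqlerr() like the INSERT instead of producing a false $res.
    $res = @mysql_query("SELECT id FROM users WHERE username={$username}") or sqlerr(__FILE__, __LINE__);
    $arr = mysql_fetch_row($res);
    if (!$arr) {
        stderr("{$lang['stderr_error']}", "{$lang['text_username']}");
    }
    header("Location: {$TBDEV['baseurl']}/userdetails.php?id=" . (int) $arr[0]);
    die;
}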
// Render the add-user form; $HTMLOUT starts fresh for this page.
$HTMLOUT = "<h1>{$lang['text_adduser']}</h1>\r\n    <br />\r\n    <form method='post' action='admin.php?action=adduser'>\r\n    <table border='1' cellspacing='0' cellpadding='5'>\r\n    <tr><td class='rowhead'>{$lang['table_username']}</td><td><input type='text' name='username' size='40' /></td></tr>\r\n    <tr><td class='rowhead'>{$lang['table_password']}</td><td><input type='password' name='password' size='40' /></td></tr>\r\n    <tr><td class='rowhead'>{$lang['table_repasswd']}</td><td><input type='password' name='password2' size='40' /></td></tr>\r\n    <tr><td class='rowhead'>{$lang['table_email']}</td><td><input type='text' name='email' size='40' /></td></tr>\r\n    <tr><td colspan='2' align='center'><input type='submit' value='{$lang['btn_okay']}' class='btn' /></td></tr>\r\n    </table>\r\n    </form>";
// Wrap the form in the site header/footer and emit the page.
print stdhead("{$lang['stdhead_adduser']}") . $HTMLOUT . stdfoot();
Ejemplo n.º 11
                db_update('users', array('2fa_status' => 'enabled'), array('id' => $_SESSION['id']));
                redirect('profile?generic_success=1');
            } else {
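                if ($_POST['action'] == '2fa_disable') {
                    // Turn 2FA off and drop the stored 2FA row for the session's user.
                    db_update('users', array('2fa_status' => 'disabled'), array('id' => $_SESSION['id']));
                    db_delete('two_factor_auth', array('user_id' => $_SESSION['id']));
                    redirect('profile?generic_success=1');
                } elseif ($_POST['action'] == 'reset_password') {
                    // Password change from the profile page: re-authenticate with the
                    // current password before accepting the new one. message_error() is
                    // relied on to stop the request — verify.
                    $user = db_select_one('users', array('passhash'), array('id' => $_SESSION['id']));
                    if (!check_passhash($_POST['current_password'], $user['passhash'])) {
                        message_error('Current password was incorrect.');
                    }
                    // Only the empty string is rejected (unlike empty(), "0" is accepted).
                    if (!strlen($_POST['new_password'])) {
                        message_error('Password cannot be empty.');
                    }
                    // Strict `!==`: loose `!=` treats numeric-looking strings such as "1e3" and "1000" as equal.
                    if ($_POST['new_password'] !== $_POST['new_password_again']) {
                        message_error('Passwords did not match.');
                    }
                    $new_passhash = make_passhash($_POST['new_password']);
                    $password_set = db_update('users', array('passhash' => $new_passhash), array('id' => $_SESSION['id']));
                    if (!$password_set) {
                        message_error('Password not set.');
                    }
                    redirect('profile?generic_success=1');
                }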
            }
        }
    }
}
Ejemplo n.º 12
<?php

// Bootstrap: load the framework, then require a moderator-level session and
// instance authorisation before any of the POST handling below runs.
require '../../../include/mellivora.inc.php';
enforce_authentication(CONFIG_UC_MODERATOR);
enforce_instance_auth();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    validate_xsrf_token($_POST['xsrf_token']);
    if ($_POST['action'] == 'new') {
        $user_id = db_insert('users', array('email' => $_POST['email'], 'passhash' => make_passhash($_POST['password']), 'team_name' => $_POST['team_name'], 'added' => time(), 'enabled' => CONFIG_ACCOUNTS_DEFAULT_ENABLED ? '1' : '0', 'user_type' => isset($type) ? $type : 0, 'country_id' => '200', 'class' => '1', 'competing' => '0'));
        $instanceID = db_insert('instances', array('name' => $_POST['name'], 'instanceURI' => $_POST['uri'], 'authoratativeAccountID' => $user_id));
        if ($_POST['import_sample_challenge_set'] == true) {
            //        db_insert_manual('insert into categories (instanceID,added, added_by, title, description, available_from, available_until) select '.$instanceID.' as instanceID,added, added_by, title,description, available_from, available_until from categories where instanceID = 0');
            //        $types = db_query_fetch_all('SELECT * FROM categories WHERE instanceID =\''.$instanceID.'\' ORDER BY instanceID ASC');
            //
            //        foreach($types as $type){
            //            question_replication($type['title'],$type['id']);
            //        }
            // Get all categories from base instance.
            $baseInstanceCategories = db_query_fetch_all('SELECT * FROM categories WHERE instanceID = 0');
            foreach ($baseInstanceCategories as $baseCategory) {
                $baseChallenges = db_query_fetch_all('SELECT * FROM challenges WHERE category =' . $baseCategory['id']);
                // create new category and retrive autoincremented ID
                $categoryID = db_insert('categories', array('added' => time(), 'added_by' => $_SESSION['id'], 'title' => $baseCategory['title'], 'instanceID' => $instanceID, 'description' => $baseCategory['description'], 'available_from' => strtotime('2015-02-03 21:17:57'), 'available_until' => strtotime('2099-02-03 21:17:57')));
                // loop through each challenge
                foreach ($baseChallenges as $baseChallenge) {
                    $challengeID = db_insert('challenges', array('added' => time(), 'added_by' => $_SESSION['id'], 'title' => $baseChallenge['title'], 'description' => $baseChallenge['description'], 'flag' => $baseChallenge['flag'], 'automark' => $baseChallenge['automark'], 'case_insensitive' => $baseChallenge['case_insensitive'], 'points' => $baseChallenge['points'], 'category' => $categoryID, 'num_attempts_allowed' => $baseChallenge['num_attempts_allowed'], 'min_seconds_between_submissions' => $baseChallenge['min_seconds_between_submissions'], 'available_from' => strtotime('2015-02-03 21:17:57'), 'available_until' => strtotime('2099-02-03 21:17:57'), 'instanceID' => $instanceID, 'cloneOf' => $baseChallenge['id']));
                    $challengeHints = db_query_fetch_all('SELECT * FROM hints WHERE challenge =' . $baseChallenge['id']);
                    foreach ($challengeHints as $hint) {
                        $id = db_insert('hints', array('added' => time(), 'added_by' => $_SESSION['id'], 'challenge' => $challengeID, 'visible' => $hint['visible'], 'body' => $hint['body'], 'instanceID' => $instanceID, 'value' => $hint["value"]));
                    }
                }
Ejemplo n.º 13
} elseif ($_GET) {
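    // Reset confirmation link: ?id=<user id>&secret=<md5 over editsecret, email, passhash, editsecret>.
    // (int) cast instead of `0 +`, which warns/throws on non-numeric input in newer PHP.
    $id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;
    $md5 = isset($_GET["secret"]) ? $_GET["secret"] : '';
    if (!$id) {
        die;
    }
    $res = sql_query("SELECT username, email, passhash, editsecret FROM users WHERE id = " . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
    $arr = mysqli_fetch_assoc($res);
    // Unknown id: stop as silently as a bad secret does.
    if (!$arr) {
        die;
    }
    $email = $arr["email"];
    $sec = $arr['editsecret'];
    // hash_equals(): strict, constant-time comparison. The loose `!=` it replaces
    // treated two "0e..." style digests as equal. A non-string secret (e.g. ?secret[]=) is rejected.
    if (!is_string($md5) || !hash_equals(md5($sec . $email . $arr["passhash"] . $sec), $md5)) {
        die;
    }
    $newpassword = make_password();
    $sec = mksecret();
    $newpasshash = make_passhash($sec, md5($newpassword));
    // editsecret in the WHERE clause is compared against the value just read and
    // cleared by the SET, so the same link cannot be replayed.
    sql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . " WHERE id=" . sqlesc($id) . " AND editsecret=" . sqlesc($arr["editsecret"])) or sqlerr(__FILE__, __LINE__);
    // Check the row count before touching the caches, so a no-op update does not
    // leave the caches holding credentials the database never stored.
    if (!mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
        stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_noupdate']}");
    }
    $mc1->begin_transaction('MyUser_' . $id);
    $mc1->update_row(false, array('secret' => $sec, 'editsecret' => '', 'passhash' => $newpasshash));
    $mc1->commit_transaction($INSTALLER09['expires']['curuser']);
    $mc1->begin_transaction('user' . $id);
    // Was `$secret` (never assigned here): the 'user' cache entry got a null secret
    // while the database held $sec.
    $mc1->update_row(false, array('secret' => $sec, 'editsecret' => '', 'passhash' => $newpasshash));
    $mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
    // The generated password is mailed in clear text; that is the site's recovery
    // design and is left unchanged here.
    $body = sprintf($lang['email_newpass'], $arr["username"], $newpassword, $INSTALLER09['baseurl']) . $INSTALLER09['site_name'];
    @mail($email, "{$INSTALLER09['site_name']} {$lang['email_subject']}", $body, "From: {$INSTALLER09['site_email']}") or stderr($lang['stderr_errorhead'], $lang['stderr_nomail']);
    stderr($lang['stderr_successhead'], sprintf($lang['stderr_mailed'], $email));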
} else {
    $HTMLOUT = '';
Ejemplo n.º 14
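/**
 * Create a new team account from the public signup form and mail the details.
 *
 * Every validation failure is reported through message_error(), which is
 * relied on to stop the request (verify — nothing below guards against it
 * returning). Returns true when the row was inserted and accounts are enabled
 * by default; when they are not, message_generic() reports success instead.
 * Returns false when db_insert() reported no new row.
 */
function register_account($email, $password, $team_name, $country, $type = null)
{
    if (!CONFIG_ACCOUNTS_SIGNUP_ALLOWED) {
        message_error('Registration is currently closed.');
    }
    // empty() also rejects the string "0" for any of the three fields.
    if (empty($email) || empty($password) || empty($team_name)) {
        message_error('Please fill in all the details correctly.');
    }
    if (isset($type) && !is_valid_id($type)) {
        message_error('That does not look like a valid team type.');
    }
    // Length limits are enforced in bytes (strlen), so multibyte names count more.
    if (strlen($team_name) > CONFIG_MAX_TEAM_NAME_LENGTH || strlen($team_name) < CONFIG_MIN_TEAM_NAME_LENGTH) {
        message_error('Your team name was too long or too short.');
    }
    validate_email($email);
    if (!allowed_email($email)) {
        message_error('Email not on whitelist. Please choose a whitelisted email or contact organizers.');
    }
    $num_countries = db_select_one('countries', array('COUNT(*) AS num'));
    if (!isset($country) || !is_valid_id($country) || $country > $num_countries['num']) {
        message_error('Please select a valid country.');
    }
    // db_select_one() may return no row; guard the offset read instead of
    // indexing into a null/false result.
    $user = db_select_one('users', array('id'), array('team_name' => $team_name, 'email' => $email), null, 'OR');
    if (!empty($user['id'])) {
        message_error('An account with this team name or email already exists.');
    }
    $user_id = db_insert('users', array('email' => $email, 'passhash' => make_passhash($password), 'team_name' => $team_name, 'added' => time(), 'enabled' => CONFIG_ACCOUNTS_DEFAULT_ENABLED ? '1' : '0', 'user_type' => isset($type) ? $type : 0, 'country_id' => $country));
    // insertion was successful
    if ($user_id) {
        // log signup IP
        log_user_ip($user_id);
        // signup email
        $email_subject = CONFIG_SITE_NAME . ' account details';
        // body
        $email_body = htmlspecialchars($team_name) . ', your registration at ' . CONFIG_SITE_NAME . ' was successful.' . "\r\n" . "\r\n" . (CONFIG_ACCOUNTS_DEFAULT_ENABLED ? 'You can now log in using your email and chosen password.' : 'Once the competition starts, please use this email address to log in.') . "\r\n";
        // Deployment setting: when enabled, the clear-text password is put in the
        // mail. Honoured as configured; the flag decides, not this function.
        if (CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP) {
            $email_body .= 'Your password is: ' . $password . "\r\n";
        }
        $email_body .= "\r\n" . 'Please stay tuned for updates!' . "\r\n" . "\r\n" . 'Regards,' . "\r\n" . CONFIG_SITE_NAME;
        // send details to user
        send_email(array($email), $email_subject, $email_body);
        // if account isn't enabled by default, display message and die
        if (!CONFIG_ACCOUNTS_DEFAULT_ENABLED) {
            message_generic('Signup successful', 'Thank you for registering!
            Your chosen email is: ' . htmlspecialchars($email) . '.
            Make sure to check your spam folder as emails from us may be placed into it.
            Please stay tuned for updates!');
        } else {
            return true;
        }
    }
    // no rows were inserted
    return false;
}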