function iUsers($iname, $ipass, $imail)
{
global $admin_file, $CURUSER;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
list($iclass) = mysql_fetch_row(sql_query('SELECT class FROM users WHERE username = '******'Администратор ' . $CURUSER['username'] . ' пробовал изменить учетные данные пользователя ' . $iname . ' классом выше!', 'red', 'error');
} else {
$updateset = array();
if (!empty($ipass)) {
$secret = mksecret();
$hash = md5($secret . $ipass . $secret);
$updateset[] = "secret = " . sqlesc($secret);
$updateset[] = "passhash = " . sqlesc($hash);
}
if (!empty($imail) && validemail($imail)) {
$updateset[] = "email = " . sqlesc($imail);
}
if (count($updateset)) {
$res = sql_query("UPDATE users SET " . implode(", ", $updateset) . " WHERE username = "******"Ошибка", "Смена пароля завершилась неудачей! Возможно указано несуществующее имя пользователя.", "error");
} else {
stdmsg("Изменения пользователя прошло успешно", "Имя пользователя: " . $iname . (!empty($hash) ? "<br />Новый пароль: " . $ipass : "") . (!empty($imail) ? "<br />Новая почта: " . $imail : ""));
}
}
} else {
echo "<form method=\"post\" action=\"" . $admin_file . ".php?op=iUsers\">" . "<table border=\"0\" cellspacing=\"0\" cellpadding=\"3\">" . "<tr><td class=\"colhead\" colspan=\"2\">Смена пароля</td></tr>" . "<tr>" . "<td><b>Пользователь</b></td>" . "<td><input name=\"iname\" type=\"text\"></td>" . "</tr>" . "<tr>" . "<td><b>Новый пароль</b></td>" . "<td><input name=\"ipass\" type=\"password\"></td>" . "</tr>" . "<tr>" . "<td><b>Новая почта</b></td>" . "<td><input name=\"imail\" type=\"text\"></td>" . "</tr>" . "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"isub\" value=\"Сделать\"></td></tr>" . "</table>" . "<input type=\"hidden\" name=\"op\" value=\"iUsers\" />" . "</form>";
}
}
public static function activate($username, $password, $email)
{
dbconn();
$secret = mksecret();
$wantpasshash = md5($secret . $password . $secret);
$query = "INSERT INTO users (username, passhash, secret, editsecret, email, country, gender, status, class, invites, " . ($type == 'invite' ? "invited_by," : "") . " added, last_access, lang, stylesheet" . ", uploaded) VALUES \n ('" . $username . "','" . $wantpasshash . "','" . $secret . "','" . ' ' . "','" . "{$email}" . "'," . '8' . ",'" . 'N/A' . "', 'confirmed', " . '1' . "," . 0 . ", " . ($type == 'invite' ? "'{$inviter}'," : "") . " '" . date("Y-m-d H:i:s") . "' , " . " '" . date("Y-m-d H:i:s") . "' , " . '25' . "," . '3' . "," . '0' . ")";
print $query;
$ret = sql_query($query) or sqlerr(__FILE__, __LINE__);
}
function make_password()
{
$pass = "";
$unique_id = uniqid(mt_rand(), TRUE);
$prefix = mksecret();
$unique_id .= md5($prefix);
usleep(mt_rand(15000, 1000000));
mt_srand((double) microtime() * 1000000);
$new_uniqueid = uniqid(mt_rand(), TRUE);
$final_rand = md5($unique_id . $new_uniqueid);
mt_srand();
for ($i = 0; $i < 15; $i++) {
$pass .= $final_rand[mt_rand(0, 31)];
}
return $pass;
}
function insert_coder()
{
if ($_POST['coderpass'] != $_POST['coderpass2']) {
die('error: The coder passwords do not match!');
}
$username = $_POST['coderuser'];
$usermail = $_POST['codermail'];
$secret = mksecret();
$wantpasshash = md5($secret . $_POST['coderpass'] . $secret);
$editsecret = mksecret();
$ret = mysql_query("INSERT INTO users (username, class, passhash, secret, editsecret, email, status, added) VALUES (" . implode(",", array_map("sqlesc", array($username, 8, $wantpasshash, $secret, $editsecret, $usermail, 'confirmed'))) . ",'" . get_date_time() . "')");
$rndpasshash = createRandomPassword();
$rndsecret = createRandomPassword();
$rndeditsecret = createRandomPassword();
$rex = mysql_query("INSERT INTO users (id, username, class, passhash, secret, editsecret, email, status, added) VALUES (" . implode(",", array_map("sqlesc", array(2, 'System', 1, $rndpasshash, $rndsecret, $rndeditsecret, '*****@*****.**', 'confirmed'))) . ",'" . get_date_time() . "')");
}
stderr($lang_usercp['std_error'], $lang_usercp['std_wrong_email_address_format'] . goback("-2"), 0);
die;
}
$r = sql_query("SELECT id FROM users WHERE email=" . sqlesc($email)) or sqlerr();
if (mysql_num_rows($r) > 0) {
stderr($lang_usercp['std_error'], $lang_usercp['std_email_in_use'] . goback("-2"), 0);
die;
}
$changedemail = 1;
}
if ($resetpasskey == 1) {
$passkey = md5($CURUSER['username'] . date("Y-m-d H:i:s") . $CURUSER['passhash']);
$updateset[] = "passkey = " . sqlesc($passkey);
}
if ($changedemail == 1) {
$sec = mksecret();
$hash = md5($sec . $email . $sec);
$obemail = rawurlencode($email);
$updateset[] = "editsecret = " . sqlesc($sec);
$subject = "{$SITENAME}" . $lang_usercp['mail_profile_change_confirmation'];
$body = <<<EOD
{$lang_usercp['mail_change_email_one']}{$CURUSER["username"]}{$lang_usercp['mail_change_email_two']}({$email}){$lang_usercp['mail_change_email_three']}
{$lang_usercp['mail_change_email_four']}{$_SERVER["REMOTE_ADDR"]}{$lang_usercp['mail_change_email_five']}
{$lang_usercp['mail_change_email_six']}<b><a href="http://{$BASEURL}/confirmemail.php/{$CURUSER["id"]}/{$hash}/{$obemail}" target="_blank">{$lang_usercp['mail_here']}</a></b>{$lang_usercp['mail_change_email_six_1']}<br />
http://{$BASEURL}/confirmemail.php/{$CURUSER["id"]}/{$hash}/{$obemail}
{$lang_usercp['mail_change_email_seven']}
------{$lang_usercp['mail_change_email_eight']}
stderr("Error", "Invalid username.");
}
$username = sqlesc($username);
$res = sql_query("SELECT id FROM users WHERE username={$username}");
$arr = mysql_fetch_row($res);
if ($arr) {
stderr("Error", "Username already exists!");
}
$password = $_POST["password"];
$email = sqlesc($_POST["email"]);
$res = sql_query("SELECT id FROM users WHERE email={$email}");
$arr = mysql_fetch_row($res);
if ($arr) {
stderr("Error", "The e-mail address is already in use.");
}
$secret = mksecret();
$passhash = sqlesc(md5($secret . $password . $secret));
$secret = sqlesc($secret);
sql_query("INSERT INTO users (added, last_access, secret, username, passhash, status, stylesheet, class,email) VALUES(NOW(), NOW(), {$secret}, {$username}, {$passhash}, 'confirmed', " . $defcss . "," . $defaultclass_class . ",{$email})") or sqlerr(__FILE__, __LINE__);
$res = sql_query("SELECT id FROM users WHERE username={$username}");
$arr = mysql_fetch_row($res);
if (!$arr) {
stderr("Error", "Unable to create the account. The user name is possibly already taken.");
}
header("Location: " . get_protocol_prefix() . "{$BASEURL}/userdetails.php?id=" . htmlspecialchars($arr[0]));
die;
}
stdhead("Add user");
?>
<h1><?php
echo $lang_adduser['head_adduser'];
exit;
}
require_once INCL_DIR . 'user_functions.php';
require_once INCL_DIR . 'password_functions.php';
require_once CLASS_DIR . 'class_check.php';
class_check(UC_ADMINISTRATOR);
$lang = array_merge($lang, load_language('ad_adduser'));
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$insert = array('username' => '', 'email' => '', 'secret' => '', 'passhash' => '', 'status' => 'confirmed', 'added' => TIME_NOW, 'last_access' => TIME_NOW);
if (isset($_POST['username']) && strlen($_POST['username']) >= 5) {
$insert['username'] = $_POST['username'];
} else {
stderr($lang['std_err'], $lang['err_username']);
}
if (isset($_POST['password']) && isset($_POST['password2']) && strlen($_POST['password']) > 6 && $_POST['password'] == $_POST['password2']) {
$insert['secret'] = mksecret();
$insert['passhash'] = make_passhash($insert['secret'], md5($_POST['password']));
} else {
stderr($lang['std_err'], $lang['err_password']);
}
if (isset($_POST['email']) && validemail($_POST['email'])) {
$insert['email'] = $_POST['email'];
} else {
stderr($lang['std_err'], $lang['err_email']);
}
if (sql_query(sprintf('INSERT INTO users (username, email, secret, passhash, status, added, last_access) VALUES (%s)', join(', ', array_map('sqlesc', $insert))))) {
$user_id = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
stderr($lang['std_success'], sprintf($lang['text_user_added'], $user_id));
} else {
if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 1062) {
$res = sql_query(sprintf('SELECT id FROM users WHERE username = %s', sqlesc($insert['username']))) or sqlerr(__FILE__, __LINE__);
$HTMLOUT .= "</table>";
echo stdhead('Invites') . $HTMLOUT . stdfoot();
die;
} elseif ($do == 'create_invite') {
if ($CURUSER['invites'] <= 0) {
stderr($lang['invites_error'], $lang['invites_noinvite']);
}
if ($CURUSER["invite_rights"] == 'no' || $CURUSER['suspended'] == 'yes') {
stderr($lang['invites_deny'], $lang['invites_disabled']);
}
$res = sql_query("SELECT COUNT(id) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysqli_fetch_row($res);
if ($arr[0] >= $INSTALLER09['invites']) {
stderr($lang['invites_error'], $lang['invites_limit']);
}
$invite = md5(mksecret());
sql_query('INSERT INTO invite_codes (sender, invite_added, code) VALUES (' . sqlesc((int) $CURUSER['id']) . ', ' . TIME_NOW . ', ' . sqlesc($invite) . ')') or sqlerr(__FILE__, __LINE__);
sql_query('UPDATE users SET invites = invites - 1 WHERE id = ' . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
$update['invites'] = $CURUSER['invites'] - 1;
$mc1->begin_transaction('MyUser_' . $CURUSER['id']);
$mc1->update_row(false, array('invites' => $update['invites']));
$mc1->commit_transaction($INSTALLER09['expires']['curuser']);
// 15 mins
$mc1->begin_transaction('user' . $CURUSER['id']);
$mc1->update_row(false, array('invites' => $update['invites']));
$mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
// 15 mins
header("Location: ?do=view_page");
} elseif ($do == 'send_email') {
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$email = isset($_POST['email']) ? htmlsafechars($_POST['email']) : '';
$res = mysql_query($sql);
if(mysql_num_rows($res) < '1')
bark("Ekki tókst að fletta upp á bjóðanda.");
$checkinv = mysql_fetch_array($res);
if($checkinv['enabled'] === 'no' || $checkinv['deleted'] == '1' || $checkinv['warned'] === 'yes')
bark('Bjóðandi má ekki vera óvirkur, eyddur eða hafa viðvörun.');
if($invite['email'] != $email)
bark('Þessi boðslykill er eingöngu nothæfur til að búa til aðgang fyrir netfangið '.$invite['email']);
if(mysql_num_rows($query) < 1)
bark("Þetta er rangur boðslykill");
mysql_query("UPDATE invites SET used=1 WHERE secret_hash = '$invid' AND email='$email'") or sqlerr();
hit_count();
$md5secret = md5(mksecret());
$secret = mksecret();
$wantpasshash = md5($secret . $wantpassword . $secret);
$editsecret = mksecret();
$ret = mysql_query("INSERT INTO users (username, passhash, secret, editsecret, email, enabled, md5secret, invitari, status, added) VALUES (" .
implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $email, 'yes', $md5secret, $invitari, 'pending'))) .
",'" . get_date_time() . "')");
$id = mysql_insert_id();
if (!$ret) {
if (mysql_errno() == 1062) {
bark("Notandanafn er nú þegar til!");
}
bark("borked");
}
//write_log("User account $id ($wantusername) was created");
$a = @mysql_fetch_row(@mysql_query("select count(*) from users where email='{$email}'")) or die(mysql_error());
if ($a[0] != 0) {
stderr($lang['takesignup_user_error'], $lang['takesignup_email_used']);
}
// TIMEZONE STUFF
if (isset($_POST["user_timezone"]) && preg_match('#^\\-?\\d{1,2}(?:\\.\\d{1,2})?$#', $_POST['user_timezone'])) {
$time_offset = sqlesc($_POST['user_timezone']);
} else {
$time_offset = isset($TBDEV['time_offset']) ? sqlesc($TBDEV['time_offset']) : '0';
}
// have a stab at getting dst parameter?
$dst_in_use = localtime(time() + $time_offset * 3600, true);
// TIMEZONE STUFF END
$secret = mksecret();
$wantpasshash = md5($secret . $wantpassword . $secret);
$editsecret = !$arr[0] ? "" : mksecret();
$ret = mysql_query("INSERT INTO users (username, passhash, secret, editsecret, email, status, " . (!$arr[0] ? "class, " : "") . "added, time_offset, dst_in_use) VALUES (" . implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $email, !$arr[0] ? 'confirmed' : 'pending'))) . ", " . (!$arr[0] ? UC_SYSOP . ", " : "") . "" . time() . " , {$time_offset}, {$dst_in_use['tm_isdst']})");
if (!$ret) {
if (mysql_errno() == 1062) {
stderr($lang['takesignup_user_error'], $lang['takesignup_user_exists']);
}
stderr($lang['takesignup_user_error'], $lang['takesignup_fatal_error']);
}
$id = mysql_insert_id();
//write_log("User account $id ($wantusername) was created");
$psecret = md5($editsecret);
$body = str_replace(array('<#SITENAME#>', '<#USEREMAIL#>', '<#IP_ADDRESS#>', '<#REG_LINK#>'), array($TBDEV['site_name'], $email, $_SERVER['REMOTE_ADDR'], "{$TBDEV['baseurl']}/confirm.php?id={$id}&secret={$psecret}"), $lang['takesignup_email_body']);
if ($arr[0]) {
mail($email, "{$TBDEV['site_name']} {$lang['takesignup_confirm']}", $body, "{$lang['takesignup_from']} {$TBDEV['site_email']}");
} else {
logincookie($id, $wantpasshash);
$message = sprintf(T_("EMAIL_ADDRESS_BANNED"), $email);
}
// check if email addy is already in use
if (get_row_count("users", "WHERE email='{$email}'")) {
$message = sprintf(T_("EMAIL_ADDRESS_INUSE"), $email);
}
if ($message) {
show_error_msg(T_("ERROR"), $message, 1);
}
$secret = mksecret();
$username = "******" . mksecret(20);
$ret = SQL_Query_exec("INSERT INTO users (username, secret, email, status, invited_by, added, stylesheet, language) VALUES (" . implode(",", array_map("sqlesc", array($username, $secret, $email, 'pending', $CURUSER["id"]))) . ",'" . get_date_time() . "', {$site_config['default_theme']}, {$site_config['default_language']})");
if (!$ret) {
// If username is somehow taken, keep trying
while (mysql_errno() == 1062) {
$username = "******" . mksecret(20);
$ret = SQL_Query_exec("INSERT INTO users (username, secret, email, status, invited_by, added, stylesheet, language) VALUES (" . implode(",", array_map("sqlesc", array($username, $secret, $email, 'pending', $CURUSER["id"]))) . ",'" . get_date_time() . "', {$site_config['default_theme']}, {$site_config['default_language']})");
}
show_error_msg(T_("ERROR"), T_("DATABASE_ERROR"), 1);
}
$id = mysql_insert_id();
$invitees = "{$id} {$CURUSER['invitees']}";
SQL_Query_exec("UPDATE users SET invites = invites - 1, invitees='{$invitees}' WHERE id = {$CURUSER['id']}");
$psecret = md5($secret);
$mess = strip_tags($_POST["mess"]);
$body = <<<EOD
You have been invited to {$site_config['SITENAME']} by {$CURUSER['username']}. They have specified this address ({$email}) as your email.
If you do not know this person, please ignore this email. Please do not reply.
Message:
-------------------------------------------------------------------------------
sql_query("UPDATE users SET ip = '{$ip}', last_access = NOW() WHERE id = {$cid}");
bark("Ваш IP забанен на этом трекере. Регистрация невозможна.");
} else {
bark("Регистрация невозможна!");
}
} else {
$b = mysql_fetch_row(sql_query("SELECT enabled, id FROM users WHERE ip = '{$ip}' ORDER BY last_access DESC LIMIT 1"));
if ($b[0] == 'no') {
$banned_id = $b[1];
setcookie(COOKIE_UID, $banned_id, "0x7fffffff", "/");
bark("Ваш IP забанен на этом трекере. Регистрация невозможна.");
}
}
$secret = mksecret();
$wantpasshash = md5($secret . $wantpassword . $secret);
$editsecret = !$users ? "" : mksecret();
if (!$users || !$use_email_act == true) {
$status = 'confirmed';
} else {
$status = 'pending';
}
// This is ugly, we but we have it...
// To-Do rewrite
$ret = sql_query("INSERT INTO users (username, passhash, secret, editsecret, gender, country, icq, msn, aim, yahoo, skype, mirc, website, email, status, " . (!$users ? "class, " : "") . "added, birthday, invitedby, invitedroot, theme) VALUES (" . implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $gender, $country, $icq, $msn, $aim, $yahoo, $skype, $mirc, $website, $email, $status))) . ", " . (!$users ? UC_SYSOP . ", " : "") . "'" . get_date_time() . "', '{$birthday}', '{$inviter}', '{$invitedroot}', '" . select_theme() . "')");
// or sqlerr(__FILE__, __LINE__);
if (!$ret) {
if (mysql_errno() == 1062) {
bark("Пользователь {$wantusername} уже зарегистрирован!");
}
bark("Неизвестная ошибка. Ответ от сервера mySQL: " . htmlspecialchars_uni(mysql_error()));
}
function make_passhash_login_key($len = 60)
{
$pass = mksecret($len);
return md5($pass);
}