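public function post()
{
    // Signup handler. Refuses a login that already exists, otherwise creates the
    // User row, copies every other posted field into Usermeta, and sends the
    // browser to /login. Assumes $_POST carries email, name, pass and phone —
    // verify against the signup view.
    $existing = Model::factory('User')->where_equal('login', $_POST['email'])->find_one();
    if (isset($existing->id)) {
        echo "Error: This user already exists";
        $this->app->redirect($this->app->getBaseUri() . '/signup?error=1');
        // Stop here: if redirect() does not exit on its own, the /login redirect
        // at the bottom would otherwise replace the error redirect.
        return;
    }

    $user = Model::factory('User')->create();
    $user->login = $_POST['email'];
    $user->email = $_POST['email'];
    $user->name = $_POST['name'];
    $user->display_name = $_POST['name'];
    $user->pass = passhash($_POST['pass']);
    $user->status = 1;
    $user->phone = $_POST['phone'];
    // Activation key from the CSPRNG (PHP >= 7.0); 32 hex chars, the same width
    // as the md5(uniqid(mt_rand())) it replaces, which was predictable.
    $user->activation_key = bin2hex(random_bytes(16));
    $user->registered = date('Y-m-d H:i:s');
    $user->type = 'user';
    $user->save();
    $uid = $user->id;

    // all other form fields we save as usermeta....
    // NOTE(review): any password confirmation field the form may post (e.g. pass1/pass2)
    // would be stored in clear here — confirm the signup form has none, or skip it too.
    foreach ($_POST as $k => $v) {
        if ($k === 'pass') {
            continue;
        }
        $userm = Model::factory('Usermeta')->create();
        $userm->user_id = $uid;
        $userm->mkey = $k;
        $userm->mvalue = $v;
        $userm->save();
    }

    $this->app->redirect($this->app->getBaseUri() . '/login');
}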
} if ($_POST['user'] != '') { $USR = strtolower($_POST['user']); } else { $err .= i18n_r('USERNAME_ERROR') . '<br />'; } if (!check_email_address($_POST['email'])) { $err .= i18n_r('EMAIL_ERROR') . '<br />'; } else { $EMAIL = $_POST['email']; } # if there were no errors, continue setting up the site if ($err == '') { # create new password $random = createRandomPassword(); $PASSWD = passhash($random); # create user xml file $file = _id($USR) . '.xml'; createBak($file, GSUSERSPATH, GSBACKUSERSPATH); $xml = new SimpleXMLElement('<item></item>'); $xml->addChild('USR', $USR); $xml->addChild('PWD', $PASSWD); $xml->addChild('EMAIL', $EMAIL); $xml->addChild('HTMLEDITOR', '1'); $xml->addChild('TIMEZONE', $TIMEZONE); $xml->addChild('LANG', $LANG); if (!XMLsave($xml, GSUSERSPATH . $file)) { $kill = i18n_r('CHMOD_ERROR'); } # create password change trigger file $flagfile = GSUSERSPATH . _id($USR) . ".xml.reset";
# passwords do not match if changing or adding users passwords $error = i18n_r('PASSWORD_NO_MATCH'); $password = ''; } else { if ($pwd1 != '' && strlen($pwd1) < getDef('GSPASSLENGTHMIN')) { # password cannot be shorter than GSPASSLENGTH $error = i18n_r('PASSWORD_TOO_SHORT'); $password = ''; } else { if ($pwd1 != '') { # password changed $newpassword = $pwd1; // set new password exec_action('profile-password-changed'); // @hook profile-password-changed a users password was changed $password = passhash($newpassword); // set new password } } } // check valid lang files if (isset($lang_array) && !in_array($lang . '.php', $lang_array) && !in_array($lang . '.PHP', $lang_array)) { $lang = ''; } // create new xml $xml = new SimpleXMLElement('<item></item>'); $xml->addChild('USR', $userid); $xml->addChild('NAME', $name); $xml->addChild('PWD', $password); $xml->addChild('EMAIL', $email); $xml->addChild('HTMLEDITOR', $htmleditor);
# was the form submitted? if (isset($_POST['submitted'])) { # initial variable setup $user_xml = GSUSERSPATH . _id($_POST['userid']) . '.xml'; $userid = strtolower($_POST['userid']); $password = $_POST['pwd']; $error = null; # check the username or password fields if (!$userid || !$password) { $error = i18n_r('FILL_IN_REQ_FIELD'); } # check for any errors if (!$error) { exec_action('successful-login-start'); # hash the given password $password = passhash($password); # does this user exist? if (file_exists($user_xml)) { # pull the data from the user's data file $data = getXML($user_xml); $PASSWD = $data->PWD; $USR = strtolower($data->USR); # do the username and password match? if ($userid == $USR && $password == $PASSWD) { $authenticated = true; } else { $authenticated = false; # add login failure to failed logins log $logFailed = new GS_Logging_Class('failedlogins.log'); $logFailed->add('Username', $userid); $logFailed->add('Reason', 'Invalid Password');
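public function savenew()
{
    // Creates a User from the "new user" form; the caller must be signed in.
    // When pass1/pass2 are both posted and non-empty they must match (the matched
    // value becomes $_POST['pass']), otherwise the browser goes back to the form.
    // Every remaining form field is copied into Usermeta, then the page moves to /user.
    $this->app->condition('signed_in');

    if (!isset($_POST['pass1']) || !isset($_POST['pass2'])) {
        // Original behaviour: nothing is saved when the confirmation fields are absent.
        return;
    }

    if (!empty($_POST['pass1']) && !empty($_POST['pass2'])) {
        if ($_POST['pass1'] == $_POST['pass2']) {
            $_POST['pass'] = $_POST['pass1'];
        } else {
            // Back to the form; 'embed' is request input, so it is URL-encoded before reuse.
            $back = '/user/new';
            if (isset($_REQUEST['embed'])) {
                $back .= '?embed=' . urlencode($_REQUEST['embed']);
            }
            header("Location: " . $back);
            exit;
        }
    }
    // NOTE(review): when pass1/pass2 are posted but empty, $_POST['pass'] may be unset
    // and passhash() receives null — confirm whether the form should be rejected instead.

    $user = Model::factory('User')->create();
    $user->login = $_POST['email'];
    $user->email = $_POST['email'];
    $user->name = $_POST['name'];
    $user->display_name = $_POST['name'];
    $user->pass = passhash($_POST['pass']);
    $user->status = 1;
    $user->phone = $_POST['phone'];
    // Activation key from the CSPRNG (PHP >= 7.0); 32 hex chars, the same width
    // as the md5(uniqid(mt_rand())) it replaces, which was predictable.
    $user->activation_key = bin2hex(random_bytes(16));
    $user->registered = date('Y-m-d H:i:s');
    $user->type = 'user';
    $user->save();
    // $uid was never assigned before, so every Usermeta row was saved without a user_id.
    $uid = $user->id;

    // all other form fields we save as usermeta....
    // The password and its confirmation fields are never persisted in clear.
    $notMeta = array('pass', 'pass1', 'pass2');
    foreach ($_POST as $k => $v) {
        if (in_array($k, $notMeta, true)) {
            continue;
        }
        $userm = Model::factory('Usermeta')->create();
        $userm->user_id = $uid;
        $userm->mkey = $k;
        $userm->mvalue = $v;
        $userm->save();
    }

    echo '<script>top.location.href="/user";</script>';
    exit;
}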
$HTMLEDITOR = ''; } # check to see if passwords are changing if (isset($_POST['sitepwd'])) { $pwd1 = $_POST['sitepwd']; } if (isset($_POST['sitepwd_confirm'])) { $pwd2 = $_POST['sitepwd_confirm']; } if ($pwd1 != $pwd2 && $pwd2 != '') { #passwords do not match $error = i18n_r('PASSWORD_NO_MATCH'); } else { # password cannot be null if ($pwd1 != '' && $pwd2 != '') { $PASSWD = passhash($pwd1); } // check valid lang files if (!in_array($LANG . '.php', $lang_array) and !in_array($LANG . '.PHP', $lang_array)) { die; } # create user xml file createBak($file, GSUSERSPATH, GSBACKUSERSPATH); if (file_exists(GSUSERSPATH . _id($USR) . '.xml.reset')) { unlink(GSUSERSPATH . _id($USR) . '.xml.reset'); } $xml = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><item></item>'); $xml->addChild('USR', $USR); $xml->addChild('NAME', var_out($NAME)); $xml->addChild('PWD', $PASSWD); $xml->addChild('EMAIL', var_out($EMAIL, 'email'));
$message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email); } // check if email addy is already in use $a = @mysql_fetch_row(@SQL_Query_exec("select count(*) from users where email='{$email}'")); if ($a[0] != 0) { $message = sprintf(T_("EMAIL_ADDRESS_INUSE_S"), $email); } } //check username isnt in use $a = @mysql_fetch_row(@SQL_Query_exec("select count(*) from users where username='******'")); if ($a[0] != 0) { $message = sprintf(T_("USERNAME_INUSE_S"), $wantusername); } $secret = mksecret(); //generate secret field $wantpassword = passhash($wantpassword); // hash the password } if ($message != "") { show_error_msg(T_("SIGNUP_FAILED"), $message, 1); } if ($message == "") { if ($invite_row) { SQL_Query_exec("UPDATE users SET username="******", password="******", secret=" . sqlesc($secret) . ", status='confirmed', added='" . get_date_time() . "' WHERE id={$invite_row['id']}"); //send pm to new user if ($site_config["WELCOMEPMON"]) { $dt = sqlesc(get_date_time()); $msg = sqlesc($site_config["WELCOMEPMMSG"]); SQL_Query_exec("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, {$invite_row['id']}, {$dt}, {$msg}, 0)"); } header("Refresh: 0; url=account-confirm-ok.php?type=confirm");
if (is_valid_id($_POST["id"]) && strlen($_POST["secret"]) == 32) { $password = $_POST["password"]; $password1 = $_POST["password1"]; if (empty($password) || empty($password1)) { $kind = "" . ERROR . ""; $msg = "" . NO_EMTY_FIELDS . ""; } elseif ($password != $password1) { $kind = "" . ERROR . ""; $msg = "" . PASS_NO_MATCH . ""; } else { $n = get_row_count("users", "WHERE `id`=" . intval($_POST["id"]) . " AND MD5(`secret`) = " . sqlesc($_POST["secret"])); if ($n != 1) { show_error2("" . ERROR . "", "" . NO_SUCH_USER . ""); } $newsec = sqlesc(mksecret()); SQL_Query_exec("UPDATE `users` SET `password` = '" . passhash($password) . "', `secret` = {$newsec} WHERE `id`=" . intval($_POST['id']) . " AND MD5(`secret`) = " . sqlesc($_POST["secret"])); $kind = "" . SUCCESS . ""; $msg = "" . PASS_CHANGED_OK . ""; } } if ($_SERVER["REQUEST_METHOD"] == "POST" && $_GET["take"] == 1) { $email = trim($_POST["email"]); if (!validemail($email)) { $msg = "" . EMAIL_NOT_VALID . ""; $kind = "" . ERROR . ""; } else { $res = SQL_Query_exec("SELECT id, username, email FROM users WHERE email=" . sqlesc($email) . " LIMIT 1"); $arr = mysql_fetch_assoc($res); if (!$arr) { $msg = "" . EMAIL_NOT_FOUND . ""; $kind = "" . ERROR . "";
# get user information from existing XML file if (filepath_is_safe(GSUSERSPATH . $file, GSUSERSPATH) && file_exists(GSUSERSPATH . $file)) { $data = getXML(GSUSERSPATH . $file); $userid = strtolower($data->USR); $EMAIL = $data->EMAIL; if (strtolower($_POST['username']) === $userid) { # create new random password $random = createRandomPassword(); // $random = '1234'; # create backup backup_datafile(GSUSERSPATH . $file); # copy user file into password change trigger file $flagfile = GSUSERSPATH . getPWDresetName(_id($userid), 'xml'); copy_file(GSUSERSPATH . $file, $flagfile); # change password and resave xml file $data->PWD = passhash($random); $status = XMLsave($data, GSUSERSPATH . $file); # send the email with the new password $subject = $site_full_name . ' ' . i18n_r('RESET_PASSWORD') . ' ' . i18n_r('ATTEMPT'); $message = "<p>" . cl($SITENAME) . " " . i18n_r('RESET_PASSWORD') . " " . i18n_r('ATTEMPT') . '</p>'; $message .= "<p>" . i18n_r('LABEL_USERNAME') . ": <strong>" . $userid . "</strong>"; $message .= "<br>" . i18n_r('NEW_PASSWORD') . ": <strong>" . $random . "</strong>"; $message .= '<br>' . i18n_r('EMAIL_LOGIN') . ': <a href="' . $SITEURL . $GSADMIN . '/">' . $SITEURL . $GSADMIN . '/</a></p>'; exec_action('resetpw-success'); // @hook resetpw-success a user password reset occured $emailstatus = sendmail($EMAIL, $subject, $message); # if email fails, we do nothing, maybe handle this in the future # show the result of the reset attempt usleep($randSleep); redirect("resetpassword.php?upd=pwd-" . ($status && $emailstatus ? 'success' : 'error')); } else {
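public function mmProcessEditUser()
{
    // Handles the "edit user" form: rebuilds the user's XML file (credentials, profile,
    // per-area PERMISSIONS) from the posted fields, saves it under GSUSERSPATH and
    // re-renders the user list. Prints a save error or a success banner.
    // $xml and $perm stay global because save_custom_permissions() is called without
    // arguments — presumably it reads them; verify against that function.
    global $xml, $perm;

    if (!isset($_POST['usernamec'])) {
        return;
    }

    $NUSR = $_POST['usernamec'];
    $usrfile = $NUSR . '.xml';
    $usrpath = GSUSERSPATH . $usrfile;
    // The file name comes straight from the form, so the resulting path must stay
    // inside GSUSERSPATH and refer to an existing user file (this is an edit action).
    // NOTE(review): the core login code builds user file names with _id(); confirm
    // the files this plugin edits were created the same way.
    if (!filepath_is_safe($usrpath, GSUSERSPATH) || !file_exists($usrpath)) {
        echo i18n_r('user-managment/SAVEERROR');
        mmManageUsersForm();
        return;
    }

    if (!empty($_POST['userpassword'])) {
        $NPASSWD = passhash($_POST['userpassword']);
    } else {
        // No new password: carry over the hash stored on disk. Previously the hash was
        // taken from the hidden form field 'nano', i.e. the client could choose the
        // stored hash; only the existing user file is trustworthy here.
        $current = getXML($usrpath);
        $NPASSWD = ($current && isset($current->PWD)) ? (string) $current->PWD : '';
    }

    // 'pages.php' is the default landing page and is stored as an empty value.
    $NLANDING = (!isset($_POST['Landing']) || $_POST['Landing'] == 'pages.php') ? '' : $_POST['Landing'];

    // Optional form fields default to an empty string.
    $field = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };
    $email = $field('useremail');
    $htmleditor = $field('usereditor');
    $timezone = $field('ntimezone');
    $lang = $field('userlng');
    $usersname = $field('users_name');
    $usersbio = $field('users_bio');
    $files = $field('Files');
    $pages = $field('Pages');
    $theme = $field('Theme');
    $plugins = $field('Plugins');
    $backups = $field('Backups');
    $settings = $field('Settings');
    $support = $field('Support');
    $edit = $field('Edit');
    $admin = $field('Admin');

    // Edit user xml file - This coding was mostly taken from the 'settings.php' page..
    $xml = new SimpleXMLExtended('<item></item>');
    $xml->addChild('USR', $NUSR);
    $xml->addChild('PWD', $NPASSWD);
    $xml->addChild('EMAIL', $email);
    $xml->addChild('HTMLEDITOR', $htmleditor);
    $xml->addChild('TIMEZONE', $timezone);
    $xml->addChild('LANG', $lang);
    $xml->addChild('USERSNAME', $usersname);
    // The bio is free text, so it goes in as CDATA rather than an escaped text node.
    $userbio = $xml->addChild('USERSBIO');
    $userbio->addCData($usersbio);

    $perm = $xml->addChild('PERMISSIONS');
    $perm->addChild('PAGES', $pages);
    $perm->addChild('FILES', $files);
    $perm->addChild('THEME', $theme);
    $perm->addChild('PLUGINS', $plugins);
    $perm->addChild('BACKUPS', $backups);
    $perm->addChild('SETTINGS', $settings);
    $perm->addChild('SUPPORT', $support);
    $perm->addChild('EDIT', $edit);
    $perm->addChild('LANDING', $NLANDING);
    $perm->addChild('ADMIN', $admin);
    save_custom_permissions();

    if (!XMLsave($xml, $usrpath)) {
        echo i18n_r('user-managment/SAVEERROR');
    } else {
        print '<div class="updated" style="display: block;">' . i18n_r('user-managment/SAVED') . '</div>';
    }
    mmManageUsersForm();
}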
// TorrentTrader v2.x // $LastChangedDate: 2012-09-19 19:13:35 +0100 (Wed, 19 Sep 2012) $ // $LastChangedBy: torrenttrader $ // // http://www.torrenttrader.org // // require_once "backend/functions.php"; dbconn(); if (!empty($_REQUEST["returnto"])) { if (!$_GET["nowarn"]) { $nowarn = T_("MEMBERS_ONLY"); } } if ($_POST["username"] && $_POST["password"]) { $password = passhash($_POST["password"]); if (!empty($_POST["username"]) && !empty($_POST["password"])) { $res = SQL_Query_exec("SELECT id, password, secret, status, enabled FROM users WHERE username = "******"username"]) . ""); $row = mysql_fetch_assoc($res); if (!$row || $row["password"] != $password) { $message = T_("LOGIN_INCORRECT"); } elseif ($row["status"] == "pending") { $message = T_("ACCOUNT_PENDING"); } elseif ($row["enabled"] == "no") { $message = T_("ACCOUNT_DISABLED"); } } else { $message = T_("NO_EMPTY_FIELDS"); } if (!$message) { logincookie($row["id"], $row["password"], $row["secret"]);
// Logout -------------------------------------------------------------------------------------------- $app->get('/logout', function () use($app) { $app->store('user', 0); $app->redirect($app->getBaseUri() . '/login'); }); // Conditions -------------------------------------------------------------------------------------------- $app->condition('signed_in', function () use($app) { $app->redirect($app->getBaseUri() . '/login', !$app->store('user')); }); // Login -------------------------------------------------------------------------------------------- $app->get('/login', function () use($app) { $app->render('login', array(), 'blank'); }); $app->post('/login', function () use($app) { $user = Model::factory('User')->where_equal('login', $_POST['user'])->find_one(); if ($user->pass == passhash($_POST['pass'])) { $app->store("user", $user->id); $app->redirect($app->getBaseUri() . '/dashboard'); } else { $app->redirect($app->getBaseUri() . '/login'); } }); // Register -------------------------------------------------------------------------------------------- $app->get('/signup', function () use($app) { $app->render('register', array(), 'blank'); }); $app->post('/signup', 'signup#post'); // Logged in area -------------------------------------------------------------------------------------------- $app->get('/dashboard', function () use($app) { $app->condition('signed_in'); $me = Model::factory('User')->where_equal('id', $app->store('user'))->find_one();
} // end do } //end action if ($action == "changepw") { if ($do == "newpassword") { $chpassword = $_POST['chpassword']; $passagain = $_POST['passagain']; if ($chpassword != "") { if (strlen($chpassword) < 6) { $message = T_("PASS_TOO_SHORT"); } if ($chpassword != $passagain) { $message = T_("PASSWORDS_NOT_MATCH"); } $chpassword = passhash($chpassword); $secret = mksecret(); } if (!$chpassword || !$passagain) { $message = "You must enter something!"; } begin_frame(); navmenu(); if (!$message) { SQL_Query_exec("UPDATE users SET password = "******", secret = " . sqlesc($secret) . " WHERE id = " . $CURUSER["id"]); echo "<br /><br /><center><b>" . T_("PASSWORD_CHANGED_OK") . "</b></center>"; logoutcookie(); } else { echo "<br /><br /><b><center>" . $message . "</center></b><br /><br />"; } end_frame();
$nonce = $_POST['nonce']; if (!check_nonce($nonce, "reset_password")) { die("CSRF detected!"); } if (isset($_POST['email'])) { if ($_POST['email'] == $EMAIL) { // create new random password $random = createRandomPassword(); // create new users.xml file $bakpath = GSBACKUPSPATH . "other/"; createBak($file, GSDATAOTHERPATH, $bakpath); $flagfile = GSBACKUPSPATH . "other/user.xml.reset"; copy(GSDATAOTHERPATH . $file, $flagfile); $xml = @new SimpleXMLElement('<item></item>'); $xml->addChild('USR', @$USR); $xml->addChild('PWD', passhash($random)); $xml->addChild('EMAIL', @$EMAIL); XMLsave($xml, GSDATAOTHERPATH . $file); // send the email with the new password $subject = $site_full_name . ' ' . $i18n['RESET_PASSWORD'] . ' ' . $i18n['ATTEMPT']; $message = "'" . cl($SITENAME) . "' " . $i18n['RESET_PASSWORD'] . " " . $i18n['ATTEMPT']; $message .= '<br>-------------------------------------------------------<br>'; $message .= "<br>" . $i18n['LABEL_USERNAME'] . ": " . $USR; $message .= "<br>" . $i18n['NEW_PASSWORD'] . ": " . $random; $message .= '<br><br>' . $i18n['EMAIL_LOGIN'] . ': <a href="' . $SITEURL . 'admin/">' . $SITEURL . 'admin/</a>'; exec_action('resetpw-success'); $status = sendmail($EMAIL, $subject, $message); header("Location: resetpassword.php?upd=pwd-" . $status); } else { exec_action('resetpw-error'); header("Location: resetpassword.php?upd=pwd-error");
$htmleditor = ''; } # check to see if passwords are changing if (isset($_POST['sitepwd'])) { $pwd1 = $_POST['sitepwd']; } if (isset($_POST['sitepwd_confirm'])) { $pwd2 = $_POST['sitepwd_confirm']; } if ($pwd1 != $pwd2 || $adding === true && (empty($pwd1) || $pwd1 !== $pwd2)) { #passwords do not match $error = i18n_r('PASSWORD_NO_MATCH'); } else { # password cannot be null if ($pwd1 != '') { $password = passhash($pwd1); } // check valid lang files if (!in_array($lang . '.php', $lang_array) and !in_array($lang . '.PHP', $lang_array)) { $lang = ''; } # create user xml file createBak($file, GSUSERSPATH, GSBACKUSERSPATH); if (file_exists(GSUSERSPATH . _id($userid) . '.xml.reset')) { unlink(GSUSERSPATH . _id($userid) . '.xml.reset'); } $xml = new SimpleXMLElement('<item></item>'); $xml->addChild('USR', $userid); $xml->addChild('NAME', $name); $xml->addChild('PWD', $password); $xml->addChild('EMAIL', $email);