Ejemplo n.º 1
 /**
  * Class constructor
  *
  * @return	void
  */
 public function __construct()
 {
     log_info("info", "security opened");

     // One minute, in seconds; presumably the point at which the token stops being accepted.
     $lifetimeSeconds = 60;
     $this->securitytoken_time = time() + $lifetimeSeconds;

     // NOTE(review): randstring() is defined elsewhere. If it is not built on
     // random_int()/random_bytes(), a 10-character value is guessable and should
     // not be relied on as a security token; confirm the generator.
     $this->securitytoken = "token" . randstring(10);

     // Both helpers are defined elsewhere in the class; they run after the token
     // fields are populated, in this order.
     $this->urltoken();
     $this->verifyUrl();
 }
<?
// Direct-access guard: stop unless the including framework has set
// B_PROLOG_INCLUDED to boolean true.
if (!defined("B_PROLOG_INCLUDED") || B_PROLOG_INCLUDED !== true) {
    die();
}

// Random suffix shared by the form id and the editor id built below.
// In the visible code it only keeps those ids distinct; it is not used as a secret.
$arParams["form_index"] = randstring(4);

$arParams["FORM_ID"] = "REPLIER" . $arParams["form_index"];
$arParams["jsObjName"] = "oLHE";
$arParams["LheId"] = "idLHE" . $arParams["form_index"];

// Use the caller's TAB_INDEX when it is a positive integer, otherwise 10.
if (intval($arParams["TAB_INDEX"]) > 0) {
    $arParams["tabIndex"] = intVal($arParams["TAB_INDEX"]);
} else {
    $arParams["tabIndex"] = 10;
}

// Collapse the flag to exactly "Y" or "N".
if ($arParams["EDITOR_CODE_DEFAULT"] == "Y") {
    $arParams["EDITOR_CODE_DEFAULT"] = "Y";
} else {
    $arParams["EDITOR_CODE_DEFAULT"] = "N";
}

// Re-index the question list from zero.
$arResult["QUESTIONS"] = array_values($arResult["QUESTIONS"]);

// Start output buffering only for an AJAX-mode submission of the form.
if ($arParams['AJAX_POST'] == 'Y') {
    if ($_REQUEST["save_product_review"] == "Y") {
        ob_start();
    }
}
?>
Ejemplo n.º 3
 $validmcuser = false;
 /*$ch = curl_init();
 	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 	curl_setopt($ch, CURLOPT_URL, "http://www.minecraft.net/haspaid.jsp?user="******"-" . $_POST['month'] . "-" . $_POST['day'];
 // Registration timestamp taken from the server clock.
 $datejoined = date("Y/m/d H:i:s");
 // get_age() is defined elsewhere; its result is compared with 13 further down.
 $age = get_age($dob);
 // Raw password and confirmation exactly as submitted.
 $pass = $_POST['pass'];
 $confirmpass = $_POST['confirmpass'];
 // NOTE(review): a single unsalted SHA-1 round is not a password hash; it is cheap to
 // brute-force offline if the table leaks. password_hash()/password_verify() are the
 // intended primitives. The login check (not shown) would have to change with it, so
 // this is flagged here rather than edited.
 $hashed_pass = sha1($pass);
 // NOTE(review): presumably an account verification code; confirm. randstring() is
 // defined elsewhere; if it is not built on random_int()/random_bytes() the code is
 // predictable.
 $verifcode = randstring();
 if (checkdate(intval($_POST['month']), intval($_POST['day']), intval($_POST['year']))) {
     if ($pass == $confirmpass) {
         if (!empty($user) && !empty($email) && !empty($pass) && !empty($mcuser) && $user != " " && $email != " " && $pass != " " && $mcuser != " ") {
             if ($age >= 13) {
                 if (checkstr($user) == false) {
                     if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
                         if ($mcuser != "") {
                             $query = "SELECT id, username, email, minecraft_username FROM users\n\t\t\t\t\t\t\t\t\t\tWHERE username='******' OR email='{$email}' OR minecraft_username='******'";
                         } else {
                             $query = "SELECT id, username, email, minecraft_username FROM users\n\t\t\t\t\t\t\t\t\t\tWHERE username='******' OR email='{$email}'";
                         }
                         $result = mysql_query($query, $connection);
                         confirm_query($result);
                         if (mysql_num_rows($result) >= 1) {
                             if ($mcuser != "") {
Ejemplo n.º 4
 /**
  * Return the stored 8-character `newpass` for this record, or generate one,
  * save it and return it.
  *
  * NOTE(review): both query strings contain the literal '******' where the
  * generated value would be expected; this looks like masking applied to the
  * listing. Confirm against the original source, and bind the value as a
  * parameter rather than interpolating it.
  * NOTE(review): the lookup compares `newpass` in clear text, so the value
  * appears to be stored unhashed; confirm that this is acceptable for what
  * `newpass` is used for.
  *
  * @return string
  */
 private function set_newpass()
 {
     // An existing value of exactly eight bytes is reused as-is.
     if (strlen($this->me['newpass']) == 8) {
         return $this->me['newpass'];
     }

     // Draw candidates until the lookup reports no matching row.
     // NOTE(review): randstring() is defined elsewhere; if it is not built on
     // random_int()/random_bytes(), the generated value is predictable.
     do {
         $candidate = randstring(8);
         $this->db->query("SELECT id FROM persons WHERE newpass='******' LIMIT 1");
         $isUnused = $this->db->num_rows() == 0;
     } while (!$isUnused);

     // $this->id is concatenated into the statement; presumably an internal
     // integer key. Verify it can never carry request data.
     $this->db->query("UPDATE persons SET newpass='******' WHERE id=" . $this->id);

     return $candidate;
 }
<?php

require_once "includes/functions.php";
if (isset($_POST['submit'])) {
    if ($_POST['email'] != '') {
        $query = "SELECT username, email FROM `users` WHERE `email`='{$_POST['email']}'";
        $result = mysqli_query($connection, $query);
        confirm_query($result);
        if (mysqli_num_rows($result) == 1) {
            $user = mysqli_fetch_array($result);
            $auth_code = randstring();
            try {
                $query = "UPDATE `users` SET `chng_pass_authcode`='{$auth_code}', `chng_pass_authcode_date`='{$date}' WHERE `email`='{$_POST['email']}'";
                $result = mysqli_query($connection, $query);
                confirm_query($result);
                //send email with password reset link
                $to = $user['email'];
                $email_subject = "Forgotten Password";
                $email_message = 'Password change request for user "' . $user['username'] . '"<br />';
                $email_message .= 'Change Password here: <a href="' . $GLOBALS['HOST'] . '/password_reset?auth=' . urlencode($auth_code) . '">' . $GLOBALS['HOST'] . '/password_reset?auth=' . urlencode($auth_code) . '</a><br />';
                $email_message .= 'This link is good for 48 hours.';
                $headers = 'MIME-Version: 1.0' . "\r\n";
                $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
                if ($GLOBALS['site_info']['contact_email'] != "") {
                    $headers .= "From: " . $GLOBALS['site_info']['contact_email'] . PHP_EOL;
                } else {
                    $headers .= "From: " . $GLOBALS['site_info']['name'] . PHP_EOL;
                }
                mail($to, $email_subject, $email_message, $headers);
                $success = "An email has been sent containing a link to reset your password.";
            } catch (Exception $e) {
Ejemplo n.º 6
<?php

require_once "../includes/functions.php";
?>

<?php 
// Page-level gate: the caller needs at least one of the Forms permissions listed here
// (presumably "any of", given the single array argument; confirm in check_permission()).
// NOTE(review): redirect_to() is defined elsewhere. Unless it ends the request
// (exit/die) after sending the redirect, the POST handlers that follow still run
// for a caller who failed this check; confirm.
$hasFormsAccess = check_permission(
    array(
        "Forms;add_form",
        "Forms;edit_form",
        "Forms;delete_form",
    )
);
if (!$hasFormsAccess) {
    redirect_to("index.php");
}
if (isset($_POST['newform'])) {
    if (check_permission("Forms", "add_form")) {
        if ($formname = mysql_prep($_POST['formname']) != "") {
            $formname = mysql_prep($_POST['formname']);
            $unique_name = randstring();
            $date = date("Y/m/d H:i:s", time());
            $query = "INSERT INTO `forms` (\n\t\t\t\t`name`, `u_name`, `creator`, `date_created`\n\t\t\t) VALUES (\n\t\t\t\t'{$formname}', '{$unique_name}', {$_SESSION['user_id']}, '{$date}')";
            $result = mysqli_query($connection, $query);
            confirm_query($result);
            $query = "SELECT * FROM `galleries` WHERE `name` = '{$_POST['formname']}'";
            $result = mysqli_query($connection, $query);
            confirm_query($result);
            $formid = mysqli_fetch_array($result);
            $success = "Form \"{$_POST['formname']}\" added!";
        } else {
            $error = "Form name cannot be blank.";
        }
    }
} elseif (isset($_POST['delforms'])) {
    if (check_permission("Forms", "delete_form")) {
        function del_form($id)
        {