/**
 * Admin action: reset an author's password, then hand the result to admin().
 *
 * The caller must hold the 'admin.edit' privilege (enforced by require_privs()).
 * The author name is read with ps('name') and passed to reset_author_pass();
 * whatever that call returns is forwarded to admin().
 *
 * NOTE(review): no request-token (CSRF) check is visible in this function.
 * Confirm that the dispatcher validates one before routing here, since this
 * is a state-changing action.
 */
function author_change_pass()
{
    require_privs('admin.edit');

    $authorName = ps('name');
    $resetResult = reset_author_pass($authorName);

    admin($resetResult);
}
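/**
 * Authenticate the current request and set the global $txp_user.
 *
 * Branches are tried in this order:
 *  1. A 'txp_login' cookie of the form "<name>,<32 hex digits>" is checked
 *     against the nonce stored for that user. Only rows whose last_access is
 *     within the last 30 days are considered.
 *  2. Posted credentials (p_userid / p_password) are passed to txp_validate().
 *     On success a new nonce is stored and both login cookies are issued.
 *  3. A posted p_reset triggers send_reset_confirmation_request().
 *  4. A 'reset' request parameter yields an empty message.
 *  5. A 'confirm' request parameter is verified against the stored nonce and,
 *     if it matches, reset_author_pass() is called for that user.
 *
 * Side effects: assigns the global $logout from gps('logout'); sets the global
 * $txp_user to the authenticated name on success and to '' on every path that
 * does not authenticate. The one exception is a logout with a valid cookie,
 * which returns without touching $txp_user. Also sets or clears the
 * 'txp_login' and 'txp_login_public' cookies.
 *
 * Hardening in this version: values handed to pack('H*', ...) are first
 * checked to be hexadecimal. pack() only warns on a non-hex digit and still
 * produces bytes, so malformed cookie hashes and confirm tokens are now
 * rejected up front instead of being decoded.
 *
 * NOTE(review): the nonce and confirm comparisons use ===, which is not
 * constant-time. Prefer hash_equals() if the minimum supported PHP version
 * provides it.
 * NOTE(review): login tokens come from md5(uniqid(mt_rand(), true)), which is
 * not a CSPRNG. Prefer random_bytes() where the supported PHP version allows.
 * NOTE(review): the confirm token carries only 10 hex digits of md5(nonce),
 * and the 'secure' cookie argument is passed as null. Confirm both are
 * acceptable for the deployment.
 *
 * @return string|array '' when authenticated or when there is nothing to
 *                      report; array(text, E_ERROR) for a bad cookie or a
 *                      failed login; otherwise whatever the reset helpers return.
 */
function doTxpValidate()
{
    global $logout, $txp_user;

    $p_userid   = ps('p_userid');
    $p_password = ps('p_password');
    $p_reset    = ps('p_reset');
    $stay       = ps('stay');
    $logout     = gps('logout');
    $message    = '';
    $pub_path   = preg_replace('|//$|', '/', rhu . '/');

    // Split "<name>,<hash>" on the LAST comma, so a name containing commas survives.
    if (cs('txp_login') and strpos(cs('txp_login'), ',')) {
        $txp_login = explode(',', cs('txp_login'));
        $c_hash    = end($txp_login);
        $c_userid  = join(',', array_slice($txp_login, 0, -1));
    } else {
        $c_hash   = '';
        $c_userid = '';
    }

    if ($logout) {
        // Expire both cookies; the server-side nonce is invalidated further down.
        setcookie('txp_login', '', time() - 3600);
        setcookie('txp_login_public', '', time() - 3600, $pub_path);
    }

    if ($c_userid and strlen($c_hash) == 32) {
        $nonce = safe_field(
            'nonce',
            'txp_users',
            "name='" . doSlash($c_userid) . "' AND last_access > DATE_SUB(NOW(), INTERVAL 30 DAY)"
        );

        // Only a well-formed hex hash is decoded; anything else counts as a bad cookie.
        $hash_is_hex = (preg_match('/^[0-9a-f]{32}\z/i', $c_hash) === 1);

        if ($nonce and $hash_is_hex and $nonce === md5($c_userid . pack('H*', $c_hash))) {
            // cookie is good
            if ($logout) {
                // destroy nonce so the old cookie value can no longer authenticate
                safe_update(
                    'txp_users',
                    "nonce = '" . doSlash(md5(uniqid(mt_rand(), TRUE))) . "'",
                    "name = '" . doSlash($c_userid) . "'"
                );
            } else {
                // create $txp_user
                $txp_user = $c_userid;
            }

            return $message;
        } else {
            // Keep only the user name in the cookie (no hash) and drop the public cookie.
            setcookie('txp_login', $c_userid, time() + 3600 * 24 * 365);
            setcookie('txp_login_public', '', time() - 3600, $pub_path);
            $message = array(gTxt('bad_cookie'), E_ERROR);
        }
    } elseif ($p_userid and $p_password) {
        $name = txp_validate($p_userid, $p_password);

        if ($name !== FALSE) {
            // The cookie holds $c_hash; the database holds md5(name . raw hash bytes).
            $c_hash = md5(uniqid(mt_rand(), TRUE));
            $nonce  = md5($name . pack('H*', $c_hash));

            safe_update(
                'txp_users',
                "nonce = '" . doSlash($nonce) . "'",
                "name = '" . doSlash($name) . "'"
            );

            setcookie(
                'txp_login',
                $name . ',' . $c_hash,
                $stay ? time() + 3600 * 24 * 365 : 0,
                null,
                null,
                null,
                LOGIN_COOKIE_HTTP_ONLY
            );

            // Public cookie: last 10 hex digits of md5(nonce) followed by the name.
            setcookie(
                'txp_login_public',
                substr(md5($nonce), -10) . $name,
                $stay ? time() + 3600 * 24 * 30 : 0,
                $pub_path
            );

            // login is good, create $txp_user
            $txp_user = $name;

            return '';
        } else {
            // Fixed delay on a failed login.
            sleep(3);
            $message = array(gTxt('could_not_log_in'), E_ERROR);
        }
    } elseif ($p_reset) {
        sleep(3);
        include_once txpath . '/lib/txplib_admin.php';
        $message = $p_userid ? send_reset_confirmation_request($p_userid) : '';
    } elseif (gps('reset')) {
        $message = '';
    } elseif (gps('confirm')) {
        sleep(3);

        $confirm_hex = gps('confirm');

        // Decode only a plain hex string; any other value is ignored without calling pack().
        if (is_string($confirm_hex) and preg_match('/^[0-9a-f]+\z/i', $confirm_hex) === 1) {
            // Layout after decoding: 5 token bytes followed by the user name.
            $confirm = pack('H*', $confirm_hex);
            $name    = substr($confirm, 5);
            $nonce   = safe_field('nonce', 'txp_users', "name = '" . doSlash($name) . "'");

            if ($nonce and $confirm === pack('H*', substr(md5($nonce), 0, 10)) . $name) {
                include_once txpath . '/lib/txplib_admin.php';
                $message = reset_author_pass($name);
            }
        }
    }

    // Every path that reaches this point is unauthenticated.
    $txp_user = '';

    return $message;
}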