// Fragment of an account-management action chain. The start of the chain and of
// the change-mail branch lies before this excerpt, and the 'changepass' branch
// is not closed inside it.
                }
                output_message('notice', '<b>' . $lang['change_mail'] . '</b><meta http-equiv=refresh content="2;url=index.php?n=account&sub=manage">');
            }
        } else {
            output_message('alert', '<b>' . $lang['reg_checkemailex'] . '</b><meta http-equiv=refresh content="2;url=index.php?n=account&sub=manage">');
        }
    } else {
        output_message('alert', '<b>' . $lang['bad_mail'] . '</b><meta http-equiv=refresh content="2;url=index.php?n=account&sub=manage">');
    }
} elseif ($_GET['action'] == 'changepass') {
    // Self-service password change for the account in $user.
    // NOTE(review): nothing in this branch asks for the current password or checks
    // a CSRF token, and $_POST['new_pass'] is read without isset() — confirm both
    // checks exist before this point.
    $newpass = trim($_POST['new_pass']);
    // Only a length floor is enforced: four bytes or more (strlen() counts bytes).
    if (strlen($newpass) > 3) {
        // Clear sessionkey, s and v before the new hash is stored; each value is bound
        // through the wrapper's placeholder. Presumably s and v are cached SRP
        // values derived from the old password — TODO confirm.
        $DB->query("UPDATE account SET sessionkey = NULL WHERE id=?", $user['id']);
        $DB->query("UPDATE account SET s = NULL WHERE id=?", $user['id']);
        $DB->query("UPDATE account SET v = NULL WHERE id=?", $user['id']);
        // sha_password() is defined outside this excerpt; its result is stored upper-cased.
        $sha_pass = sha_password($user['username'], $newpass);
        $DB->query("UPDATE account SET sha_pass_hash=? WHERE id=?", strtoupper($sha_pass), $user['id']);
        // NOTE(review): with use_purepass_table enabled, the password is also written
        // to account_pass exactly as submitted (not hashed). Anyone who can read that
        // table or a backup of it gets every password saved while the option was on;
        // confirm the option is really required and restrict access to the table.
        if ((int) $MW->getConfig->generic->use_purepass_table) {
            $count_occur = $DB->selectCell("SELECT count(*) FROM account_pass WHERE id=?d", $user['id']);
            if ($count_occur) {
                $DB->query("UPDATE account_pass SET password=? WHERE id=?d LIMIT 1", $newpass, $user['id']);
            } else {
                $DB->query("INSERT INTO account_pass SET id=?d, username=?, password=?, email=?", $user['id'], $user['username'], $newpass, $user['email']);
            }
        }
        // Disabled code: it would have re-issued the login cookie from the new hash.
        //$uservars_hash_new = serialize(array($user['id'], sha1(base64_encode(md5(utf8_encode($sha_pass))))));
        //setcookie((string)$MW->getConfig->generic->site_cookie, $uservars_hash_new, time()+(60*60*24*365),$MW->getConfig->temp->site_href,$MW->getConfig->temp->site_domain); // expires in 365 days
        output_message('notice', '<b>' . $lang['change_pass_succ'] . '</b><meta http-equiv=refresh content="2;url=index.php?n=account&sub=manage">');
    } else {
        output_message('alert', '<b>' . $lang['change_pass_short'] . '</b><meta http-equiv=refresh content="2;url=index.php?n=account&sub=manage">');
    }
</head> <body> <div id="embedded-login"> <h2>World of Warcraft</h2> <?php
// Embedded login form handler (fragment: the if-blocks opened here are closed
// after the end of this excerpt). Runs only when no user is in the session.
if (!isset($_SESSION['username'])) {
    if (isset($_POST['accountName'])) {
        // stripslashes() only undoes magic-quotes escaping; it is not SQL escaping.
        $accountName = stripslashes($_POST['accountName']);
        $accountPass = stripslashes($_POST['password']);
        // Returns the hex SHA-1 of UPPER(user) . ':' . UPPER(pass). Upper-casing makes
        // the password case-insensitive and the username is the only salt.
        // Declared inside the if-body, so it exists only after this branch has run;
        // a second sha_password() loaded in the same request is a fatal redeclaration.
        function sha_password($user, $pass) {
            $user = strtoupper($user);
            $pass = strtoupper($pass);
            return SHA1($user . ':' . $pass);
        }
        $sha_pass_hash = sha_password($accountName, $accountPass);
        // On failure the raw driver error is printed to the visitor.
        $db_setup = mysql_select_db($server_adb, $connection_setup) or die(mysql_error());
        // NOTE(review): the username literal is shown masked ('******') in this listing.
        // As displayed, the WHERE clause filters on username only: $sha_pass_hash is
        // computed above but does not appear in the query, while `if ($login)` below
        // accepts any returned row. Confirm the real statement also matches
        // sha_pass_hash and that the interpolated value is escaped
        // (mysql_real_escape_string(), or a prepared statement via mysqli/PDO).
        $login_query = mysql_query("SELECT * FROM account WHERE username = '******'");
        $login = mysql_fetch_assoc($login_query);
        if ($login) { ?> <style type="text/css"> .loader { width:24px; height:24px; background: url("wow/static/images/loaders/canvas-loader.gif") no-repeat; } </style> <center> <h3>Logging In</h3><br /> <div class="loader"></div>
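<?php
// Registration result: print the collected validation errors, or create the
// account row in the auth database and the matching row in the site database.
if (isset($error) && count($error) > 0) {
    echo '<div class="errors">';
    foreach ($error as $errors) {
        echo "<font color='red'>*" . $errors . "</font><br />";
    }
    echo '</div>';
    // The tag used to be emitted without its closing ">".
    echo '<meta http-equiv="refresh" content="2">';
} else {
    // Returns the hex SHA-1 of UPPER(user) . ':' . UPPER(pass). Upper-casing makes
    // the password case-insensitive and the username is the only salt.
    // Declared inside the else-body, so a second sha_password() loaded in the same
    // request is a fatal redeclaration.
    function sha_password($user, $pass) {
        $user = strtoupper($user);
        $pass = strtoupper($pass);
        return SHA1($user . ':' . $pass);
    }
    $sha_pass_hash = strtoupper(sha_password($accountName, $accountPass));
    // Store the full client address. intval() kept only the leading digits (for the
    // constructed example "203.0.113.7" it stored 203), which made last_ip useless
    // for abuse tracking. Assumes last_ip is a text column — TODO confirm.
    $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
    // NOTE(review): $accountName and $accountEmail are concatenated into the
    // statement as they arrive here, and only the hash is escaped. Their validation
    // happens before this excerpt; confirm both are passed through
    // mysql_real_escape_string() exactly once, or move this code to prepared
    // statements (mysqli/PDO). mysql_error() is also shown to the visitor on failure.
    $register_query = mysql_query("INSERT INTO account (username,sha_pass_hash,email,last_ip,expansion) VALUES ('" . strtoupper($accountName) . "','" . mysql_real_escape_string($sha_pass_hash) . "','" . $accountEmail . "','" . $ip . "','2')") or die(mysql_error());
    // The username literal below is shown masked ('******') in this listing; whatever
    // is interpolated there needs the same escaping.
    $accinfoq = mysql_query("SELECT * FROM account WHERE username = '******'");
    $accinfo = mysql_fetch_assoc($accinfoq) or die(mysql_error());
    mysql_select_db($server_db, $connection_setup) or die(mysql_error());
    $register_query = mysql_query("INSERT INTO users(id) VALUES ('" . mysql_real_escape_string($accinfo['id']) . "')");
    echo '<div class="success">';
    // NOTE(review): the name is echoed as stored; unless it was restricted to a safe
    // character set earlier, encode it with htmlspecialchars() at this point.
    echo $accountName . ' has been successfully created.';
    echo '</div>';
    $_SESSION['username'] = $accountName;
    echo '<meta http-equiv="refresh" content="2;url=index.php">';
}
?> </center>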
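<?php
//Refuse direct access
if (!defined("125125CMS")) {
    exit;
}

// Login handler: hash the submitted password with sha_password() (defined outside
// this file section) and look for exactly one matching row in the account table.
if (isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username']) && is_string($_POST['password'])) {
    $username = $_POST['username'];
    $password = sha_password($username, $_POST['password']);
    $mysqli->select_db($acc_db);

    // Both values are bound instead of being placed inside the SQL text, so the
    // submitted username can no longer change the statement.
    // NOTE(review): this listing shows the username literal of the old query masked
    // as '******'; binding $username is presumably what it compared — confirm.
    $check_account = $mysqli->prepare("SELECT 1 FROM `account` WHERE username = ? AND sha_pass_hash = ?");
    if (!$check_account
        || !$check_account->bind_param('ss', $username, $password)
        || !$check_account->execute()) {
        // Keep the driver message in the server log instead of printing it.
        error_log('Login lookup failed: ' . $mysqli->error);
        die('Login is currently unavailable.');
    }
    $check_account->store_result();
    $count = $check_account->num_rows;
    $check_account->close();

    if ($count === 1) {
        // Issue a fresh session id on login so an id fixed before authentication
        // does not carry over into the authenticated session.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['username'] = $username;
        header("Location: index.php?p=index");
        // Stop here so nothing else is rendered after the redirect header.
        exit;
    } else {
        echo 'Wrong username/password !';
    }
}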
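<?php
if (INCLUDED !== true) {
    exit;
}
// ==================== //
$pathway_info[] = array('title' => $lang['login'], 'link' => '');
// ==================== //

// Login / logout dispatcher. $auth, sha_password() and redirect() are defined
// outside this file section.

// Follow the Referer back only when it names this host. It is a client-supplied
// header, so using it unchecked lets another site choose where the visitor lands
// after logging in or out. Falls back to the site index otherwise.
$return_to = 'index.php';
if (isset($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
    $referer_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
    // HTTP_HOST may carry a port; parse_url() returns the host without it.
    $own_host = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);
    if (is_string($referer_host) && strcasecmp($referer_host, $own_host) === 0) {
        $return_to = $_SERVER['HTTP_REFERER'];
    }
}

// A missing or non-string action no longer raises an undefined-index notice.
$action = (isset($_REQUEST['action']) && is_string($_REQUEST['action'])) ? $_REQUEST['action'] : '';

if ($action === 'login') {
    // NOTE(review): $_REQUEST also accepts these fields from the query string, where
    // credentials end up in access logs and browser history. Confirm the login form
    // posts them and switch to $_POST if nothing depends on GET.
    $login = isset($_REQUEST['login']) ? $_REQUEST['login'] : '';
    $pass = sha_password($login, isset($_REQUEST['pass']) ? $_REQUEST['pass'] : '');
    if ($auth->login(array('username' => $login, 'sha_pass_hash' => $pass))) {
        redirect($return_to, 1);
    }
} elseif ($action === 'logout') {
    $auth->logout();
    redirect($return_to, 1);
}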
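// Installer, last step: connect with the submitted database settings and give the
// named account site-admin rights (g_id 4), creating the account if it is missing.
// This excerpt starts inside a block opened earlier; its closing brace is at the end.
// NOTE(review): nothing visible here authenticates the request, and the only
// off-switch mentioned is the DISABLE_INSTALLER.php file named in the final message.
// Confirm that file is checked before this point and that the install folder is
// removed or blocked once setup is done.
$installer_link = mysql_connect($_POST['db_host'].":".$_POST['db_port'], $_POST['db_username'], $_POST['db_password']);
if (!$installer_link || !mysql_select_db($_POST['db_name'])) {
    die('Error!<br /><br />Could not connect to the database. Please <a href="javascript: history.go(-1)">go back</a> and correct it.');
}
// The account name is used in three contexts; prepare one safe form for each.
// The raw value is passed only to sha_password().
$account = (isset($_POST['account']) && is_string($_POST['account'])) ? $_POST['account'] : '';
$account_sql = mysql_real_escape_string($account);
$account_html = htmlspecialchars($account, ENT_QUOTES);
//Giving root admin rights to the given account
// Exact match instead of LIKE, so wildcard characters in the submitted name cannot
// select a different account.
$accountid = mysql_query("SELECT `id` FROM `account` WHERE `username` = '".$account_sql."'");
$checkacc = $accountid ? mysql_num_rows($accountid) : 0;
if ($checkacc == 1) { // Account exsist
$accountid = mysql_fetch_row($accountid);
mysql_query("UPDATE `account_extend` SET `g_id` = '4' WHERE `account_id` = ".(int) $accountid[0]." LIMIT 1 ;");
echo "Congratulations, your TrinityWeb is now installed!<br /><br />Installation finished successfully, now you can login with your administrator account on the <a href=\"../index.php\">site index</a>, ".$account_html.", and do the further configurations!";
} else { // No such account, creating one, in this case pwd is needed, so checking whether it's provided...
if (!$_POST['passw'] || !$_POST['passw2']) {die('Error!<br /><br />One or more fileds were left empty. Please <a href="javascript: history.go(-1)">go back</a> and correct it.');}
// Strict comparison: with != two different numeric-looking strings can compare equal.
if ($_POST['passw'] !== $_POST['passw2']) {die('Error!<br /><br />Passwords didn\'t match. 
Please <a href="javascript: history.go(-1)">go back</a> and correct it.');}
// sha_password() is defined outside this excerpt.
$password = sha_password($account, $_POST['passw']);
mysql_query("INSERT INTO `account` (`username`, `sha_pass_hash`) VALUES ('".$account_sql."', '".mysql_real_escape_string($password)."' );");
$accountid = mysql_query("SELECT `id` FROM `account` WHERE `username` = '".$account_sql."'");
$accountid = $accountid ? mysql_fetch_row($accountid) : false;
// Stop instead of granting admin rights to account id 0 when the insert failed.
if (!$accountid) {die('Error!<br /><br />The account could not be created. Please <a href="javascript: history.go(-1)">go back</a> and correct it.');}
mysql_query("INSERT INTO `account_extend` (`account_id`, `g_id`) VALUES ('".(int) $accountid[0]."', '4');");
echo "Congratulations, your TrinityWeb is now installed!<br /><br />Installation finished successfully, now you can login with your administrator account, ".$account_html.", on the <a href=\"../index.php\">site index</a> and do the further configurations!";
echo "<br/><br/><strong><font color=\"red\">To disable this function and avoid misuse add a file named DISABLE_INSTALLER.php to your install folder to disable the installer!</font></strong>";
}
} // closes a block opened before this excerpt
?> </div> </div> <br /><br /> </div> </div> </body></html>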
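// Admin member-management actions (fragment: the chain starts before this
// excerpt and the 'unban' branch continues past its end).
        $txt['daylist'] .= "<option value='{$i}'" . ($i == $profile['bd_day'] ? ' selected' : '') . "> {$i} </option>\n";
    }
    for ($i = 1; $i <= 12; $i++) {
        $txt['monthlist'] .= "<option value='{$i}'" . ($i == $profile['bd_month'] ? ' selected' : '') . "> {$i} </option>\n";
    }
    for ($i = 1950; $i <= date('Y'); $i++) {
        $txt['yearlist'] .= "<option value='{$i}'" . ($i == $profile['bd_year'] ? ' selected' : '') . "> {$i} </option>\n";
    }
    $profile['signature'] = str_replace('<br />', '', $profile['signature']);
} elseif ($_GET['action'] == 'changepass') {
    // Admin sets a new password for the account named by ?id=.
    // The id comes from the query string: cast it once and use the integer in every
    // query and in the generated markup. It was previously interpolated raw into
    // both the SQL text and the refresh URL.
    $id = (int) $_GET['id'];
    $newpass = trim($_POST['new_pass']);
    if (strlen($newpass) > 3) {
        // Values are bound through the wrapper's placeholders (the ?d form is
        // already used further down in this file).
        $maneresu = $DB->selectCell("SELECT username FROM account WHERE id=?d", $id);
        $DB->query("UPDATE account SET sessionkey = NULL WHERE id=?d", $id);
        // sha_password() is defined outside this excerpt.
        $sha_pass = sha_password($maneresu, $newpass);
        $DB->query("UPDATE account SET sha_pass_hash=? WHERE id=?d", $sha_pass, $id);
        // NOTE(review): no CSRF token is checked in this branch, and only sessionkey
        // is cleared. If the account table caches other values derived from the old
        // password, confirm they are reset as well.
        output_message('notice', '<b>' . $lang['change_pass_succ'] . '</b><meta http-equiv=refresh content="2;url=index.php?n=admin&sub=members&id=' . $id . '">');
    } else {
        output_message('alert', '<b>' . $lang['change_pass_short'] . '</b><meta http-equiv=refresh content="2;url=index.php?n=admin&sub=members&id=' . $id . '">');
    }
} elseif ($_GET['action'] == 'ban') {
    // Ban the account, ban its last known IP and move it to group 5.
    $id = (int) $_GET['id'];
    // NOTE(review): unbandate is written as ten seconds before bandate — confirm
    // how the consumer of these tables interprets that.
    $DB->query("INSERT into account_banned (id, bandate, unbandate, bannedby, banreason, active) values (?d, UNIX_TIMESTAMP(), UNIX_TIMESTAMP()-10, 'WEBSERVER', 'WEBSERVER', 1)", $id);
    $q = $DB->selectCell("SELECT last_ip FROM account WHERE id=?d", $id);
    // last_ip is read back from the database; bind it rather than trusting its content.
    $DB->query("INSERT into ip_banned (ip, bandate, unbandate, bannedby, banreason) values (?, UNIX_TIMESTAMP(), UNIX_TIMESTAMP()-10, 'WEBSERVER', 'WEBSERVER')", (string) $q);
    $DB->query("UPDATE account_extend SET g_id=5 WHERE account_id=?d", $id);
    redirect('index.php?n=admin&sub=members&id=' . $id, 1);
} elseif ($_GET['action'] == 'unban') {
    $DB->query("UPDATE account_banned SET active=0 WHERE id=?d ", $_GET['id']);
    // NOTE(review): left as found because the rest of this branch is outside the
    // excerpt; $id needs the same (int) cast before it reaches any SQL text or markup.
    $id = $_GET['id'];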
// Registration input handling (fragment: the last two if-blocks are closed after
// the end of this excerpt). stripinput(), $emulator and $locale are defined elsewhere.

// Returns the hex SHA-1 of UPPER(user) . ':' . UPPER(pass). Upper-casing makes the
// password case-insensitive and the username is the only salt.
function sha_password($user, $pass) {
    $user = strtoupper($user);
    $pass = strtoupper($pass);
    return SHA1($user . ':' . $pass);
}
$error = "";
$db_fields = "";
$db_values = "";
// Runs of spaces are collapsed in the username and removed from the e-mail address
// and the password, before trim() and stripinput().
$username = stripinput(trim(preg_replace("/ +/i", " ", $_POST['username'])));
$email = stripinput(trim(preg_replace("/ +/i", "", $_POST['email'])));
$password1 = stripinput(trim(preg_replace("/ +/i", "", $_POST['password1'])));
if ($emulator != 0) {
    $game_username = stripinput(trim(preg_replace("/ +/i", " ", $_POST['game_username'])));
    $game_password1 = stripinput(trim(preg_replace("/ +/i", "", $_POST['game_password1'])));
    // NOTE(review): despite its name, $game_password2 holds the hash, and it is built
    // from the raw POST value while the checks below look at the filtered
    // $game_password1. The hashed password can therefore differ from the validated
    // one (e.g. when it contains spaces).
    $game_password2 = sha_password($game_username, $_POST['game_password1']);
}
// Error 402 when any of the three site fields is empty after filtering.
if ($username == "" || $password1 == "" || $email == "") {
    $error .= $locale['402'] . "<br />\n";
}
if ($emulator != 0) {
    if ($game_username == "" || $game_password1 == "") {
        $error .= $locale['1402'] . "<br />\n";
    }
    // Game username: letters, digits, '-', '_', '@' and whitespace only.
    if (!preg_match("/^[-0-9A-Z_@\\s]+\$/i", $game_username)) {
        $error .= $locale['1403'] . "<br />\n";
    }
    // Game password: 6 to 20 characters, limited to letters, digits and '@'.
    if (preg_match("/^[0-9A-Z@]{6,20}\$/i", $game_password1)) {
        // NOTE(review): != is a loose comparison. Two different all-digit strings that
        // are numerically equal compare as equal, so a mismatched confirmation can
        // pass; !== avoids that. The filtered first entry is also compared with the
        // raw confirmation field.
        if ($game_password1 != $_POST['game_password2']) {
            $error .= $locale['1404'] . "<br />\n";
        }
// Fragment: tail of a function whose header is before this excerpt (presumably
// random_string(), called right after it), then an invite form handler that
// continues past the end of the excerpt.
    for ($i = 0; $i < $counts; $i++) {
        // NOTE(review): `$o = 1` is an assignment, so the condition is always true. Each
        // pass overwrites $output with a single digit and the else branch never runs.
        // As written the function returns one digit 0-9 whenever $counts >= 1,
        // whatever length was requested. `$o == 1` looks intended — confirm against
        // the part of the function outside this excerpt.
        // rand() is also not a cryptographic generator. If the result serves as a
        // code or token, build it from random_int() / random_bytes().
        if ($o = 1) {
            $output = rand(0, 9);
            $o = 0;
        } else {
            $o++;
            $output .= $str[rand(0, 25)];
        }
    }
    return $output;
}
$rand = random_string(6);
/* START */
if (isset($_POST['user'])) {
    // protect() is defined elsewhere. Every query below relies on it alone to make
    // these values safe inside the SQL text — verify that it escapes for MySQL.
    $username = protect($_POST['user']);
    // The hash is computed from the raw POST values; sha_password() is defined elsewhere.
    $password = sha_password($_POST['user'], $_POST['pass']);
    $hero1 = protect($_POST['hero1']);
    $ip = getenv('REMOTE_ADDR');
    // `or die(mysql_error())` prints the raw driver error to the visitor on failure.
    $check_account1 = mysql_query("SELECT * FROM `{$server_adb}`.`invite_member` WHERE `account` = '{$username}';") or die(mysql_error());
    if (mysql_num_rows($check_account1) > 0) {
        echo '<font color="red">Error : this account allready in database</font>';
    } else {
        // Credential check: a row must match both the username and the hash.
        $check_account2 = mysql_query("SELECT * FROM `{$server_adb}`.`account` WHERE `username` = '{$username}' AND `sha_pass_hash` = '{$password}'") or die(mysql_error());
        if (mysql_num_rows($check_account2) < 1) {
            echo '<font color="red">Error : Username and Password not valid</font>';
        } else {
            // Ownership check: the named character must belong to the account. The
            // username literal is shown masked ('******') in this listing.
            $result1 = mysql_query("SELECT * FROM `{$server_cdb}`.characters, `{$server_adb}`.account WHERE `{$server_adb}`.account.id = `{$server_cdb}`.characters.account AND `{$server_cdb}`.characters.name='{$hero1}' AND `{$server_adb}`.account.username = '******';") or die(mysql_error());
            if (mysql_num_rows($result1) < 1) {
                echo '<font color="red">This character does not belong to this account</font>';
            } else {
                $select_character = mysql_query("SELECT name,guid FROM `{$server_cdb}`.characters WHERE name='{$hero1}';");
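// Registration input handling: load the captcha library when enabled, filter the
// submitted fields, and reject names that already exist in the game account table.
// stripinput(), $settings, $emulator, $newcon and $locale are defined elsewhere.
if ($settings['display_validation'] == "1") {
    include_once INCLUDES . "securimage/securimage.php";
}
// Returns the hex SHA-1 of UPPER(user) . ':' . UPPER(pass). Upper-casing makes the
// password case-insensitive and the username is the only salt.
function sha_password($user, $pass) {
    $user = strtoupper($user);
    $pass = strtoupper($pass);
    return SHA1($user . ':' . $pass);
}
$error = "";
$db_fields = "";
$db_values = "";
// Runs of spaces are collapsed in the username and removed from the e-mail address
// and the password, before trim() and stripinput().
$username = stripinput(trim(preg_replace("/ +/i", " ", $_POST['username'])));
$email = stripinput(trim(preg_replace("/ +/i", "", $_POST['email'])));
$password1 = stripinput(trim(preg_replace("/ +/i", "", $_POST['password1'])));
// NOTE(review): despite its name, $password2 holds the hash, and it is built from the
// raw POST value while validation looks at the filtered $password1, so the two can differ.
$password2 = sha_password($username, $_POST['password1']);
if ($username == "" || $password1 == "" || $email == "") {
    $error .= $locale['402'] . "<br />\n";
}
// The name literals in both lookups are shown masked ('******') in this listing.
// NOTE(review): whatever is interpolated there must be escaped for SQL or bound as a
// parameter; stripinput() is not visible here, so confirm what it actually guarantees.
if ($emulator == 2) {
    $cola = $newcon->query("SELECT * FROM account WHERE username='******'");
    if ($cola->fetch_row() != NULL) {
        // Append: plain assignment discarded any error collected above.
        $error .= $locale['407'] . "<br />\n";
    }
}
if ($emulator == 1) {
    $cola = $newcon->query("SELECT * FROM accounts WHERE login='******'");
    if ($cola->fetch_row() != NULL) {
        $error .= $locale['407'] . "<br />\n";
    }
}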
// Password recovery by secret questions (fragment: the earlier checks and the
// opening of the enclosing blocks lie before this excerpt).
            $posted_email =& $_POST['retr_email'];
            /*Check 2*/
            if ($email != $posted_email) {
                $return = FALSE;
            }
        }
    }
    $secreta1 =& $_POST['secreta1'];
    $secreta2 =& $_POST['secreta2'];
    /*Check 3*/
    // check_for_symbols() is defined elsewhere; a hit on either answer fails the request.
    if (check_for_symbols($_POST['secreta1']) || check_for_symbols($_POST['secreta2'])) {
        $return = FALSE;
    }
    if ($return == FALSE) {
        output_message('alert', '<b>' . $lang['fail_restore_pass'] . '</b><meta http-equiv=refresh content="3;url=index.php?n=account&sub=restore">');
    } elseif ($return == TRUE) {
        // $username is bound as the numeric account id here (account_id=?, id=?d below).
        // The questions and answers are matched as submitted, so they are presumably
        // stored unhashed — TODO confirm.
        // NOTE(review): no attempt limit or delay is visible on this path. Knowing both
        // answers is enough to reset the password, so failed attempts should be
        // throttled and logged.
        $we = $DB->selectRow("SELECT account_id FROM `account_extend` WHERE account_id=? AND secretq1=? AND secretq2=? AND secreta1=? AND secreta2=?", $username, strip_if_magic_quotes($_POST['secretq1']), strip_if_magic_quotes($_POST['secretq2']), strip_if_magic_quotes($_POST['secreta1']), strip_if_magic_quotes($_POST['secreta2']));
        // Second attempt with the two question/answer pairs swapped.
        if ($we == false) {
            $we = $DB->selectRow("SELECT account_id FROM `account_extend` WHERE account_id=? AND secretq1=? AND secretq2=? AND secreta1=? AND secreta2=?", $username, strip_if_magic_quotes($_POST['secretq2']), strip_if_magic_quotes($_POST['secretq1']), strip_if_magic_quotes($_POST['secreta2']), strip_if_magic_quotes($_POST['secreta1']));
        }
        if ($we == true) {
            // NOTE(review): the strength of the new password depends entirely on
            // random_string(), defined elsewhere — confirm it draws from a
            // cryptographic source (random_int() / random_bytes()).
            $pas = random_string(7);
            $c_pas = sha_password($username_name, $pas);
            $DB->query("UPDATE `account` SET sha_pass_hash=? WHERE id=?d", $c_pas, $username);
            // Only sessionkey is cleared here. The self-service change-password excerpt
            // in this listing also NULLs s and v; confirm whether this path should too.
            $DB->query("UPDATE `account` SET sessionkey=NULL WHERE id=?d", $username);
            // The new password is returned in the page itself. The value is shown
            // masked ('******') in this listing, which makes the line below invalid PHP
            // as displayed; presumably $pas is concatenated there.
            output_message('notice', '<b>' . $lang['restore_pass_ok'] . '<br /> New password: '******'</b>');
        } else {
            output_message('alert', '<b>' . $lang['fail_restore_pass'] . '</b><meta http-equiv=refresh content="3;url=index.php?n=account&sub=restore">');
        }
    }
}
}
<div id="embedded-login"> <h2 class="wuaha2"><?php echo $website['title']; ?> - SHA1 Encryption</h2> <br /> <center> <?php
// Hash calculator page (fragment: the form markup in the else-branch continues past
// the end of this excerpt). SHA-1 is a one-way hash, not encryption as the heading says.
// $_POST['username'] is read without isset(), and a username of "0" counts as empty.
if ($_POST['username']) {
    // Returns the hex SHA-1 of UPPER(user) . ':' . UPPER(pass). Upper-casing makes the
    // password case-insensitive and the username is the only salt.
    function sha_password($user, $pass) {
        $user = strtoupper($user);
        $pass = strtoupper($pass);
        return SHA1($user . ':' . $pass);
    }
    // Only the hex digest is echoed, so the submitted text is not reflected into the page.
    // NOTE(review): a single unsalted-by-random SHA-1 round is cheap to guess against
    // offline; treat a displayed digest as sensitive as the password itself.
    echo '<br /><br /><center><h3><font color="aqua" class="wuaha">Your password is</font></h3><br /><br /><font color="green" class="wuaha"> ' . sha_password($_POST['username'], $_POST['password']) . '</font></center>';
} else {
    echo ' <form method="POST"> <table> <tr> <div class="form-row required"> <label for="email" class="label-full "> <strong>Username:</strong> <span class="form-required">*</span> </label> <input type="text" id="name" name="username" value="" class="input border-5 glow-shadow-2" maxlength="255" tabindex="2" /> </div> <div class="form-row required"> <label for="email" class="label-full ">
// Registration handler (fragment: the earlier validation steps are before this
// excerpt and the error-output block continues past its end).
        $err_array[] = "User didn't type any answers to the secret questions.";
    }
}
// Ext 3 - make sure password is not username
// The comparison is case-sensitive for ordinary strings, so a password that differs
// from the username only in letter case passes. If sha_password() upper-cases both
// inputs, as the definitions elsewhere in this listing do, compare case-insensitively.
if ($_POST['r_login'] == $_POST['r_pass']) {
    $notreturn = TRUE;
    $err_array[] = "Password cannot be the same as username.";
}
// Main add.
if ($notreturn === FALSE) {
    // All fields are handed to $auth->register() as submitted; any SQL escaping has
    // to happen inside register(), which is not visible here.
    // NOTE(review): the cleartext password travels along with its hash under the
    // 'password' key — confirm what register() does with it and that it is never
    // written to storage or logs.
    // The secret questions and answers are passed on unhashed as well.
    if ($auth->register(array('username' => $_POST['r_login'], 'sha_pass_hash' => sha_password($_POST['r_login'], $_POST['r_pass']), 'sha_pass_hash2' => sha_password($_POST['r_login'], $_POST['r_cpass']), 'email' => $_POST['r_email'], 'expansion' => $_POST['r_account_type'], 'password' => $_POST['r_pass']), array('secretq1' => strip_if_magic_quotes($_POST['secretq1']), 'secreta1' => strip_if_magic_quotes($_POST['secreta1']), 'secretq2' => strip_if_magic_quotes($_POST['secretq2']), 'secreta2' => strip_if_magic_quotes($_POST['secreta2']))) === true) {
        // A registration key, when required by config, is deleted after use.
        if ((int) $MW->getConfig->generic->req_reg_key) {
            $auth->delete_key($_POST['r_key']);
        }
        // Log the new user in immediately when account activation is switched off.
        if ((int) $MW->getConfig->generic->req_reg_act == 0) {
            $auth->login(array('username' => $_POST['r_login'], 'sha_pass_hash' => sha_password($_POST['r_login'], $_POST['r_pass'])));
        }
        $reg_succ = true;
    } else {
        $reg_succ = false;
        $err_array[] = "Account Creation [FATAL ERROR]: User cannot be created, likely due to incorrect database configuration. Contact the administrator.";
    }
} else {
    $reg_succ = false;
}
//Error message
if ($reg_succ == false) {
    // Index 1 is tested rather than emptiness; a generic reason is filled in when it is unset.
    if (!$err_array[1]) {
        $err_array[1] = $lang['ref_fail'] . ": Unknown Reason";
    }
    $output_error = implode("<br>\n", $err_array);