Example #1
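    /**
     * Renders the "Reset password" page and handles both halves of the reset flow.
     *
     * Step 1 (POST reset_password + reset_password_submit): validates the address,
     * stores a one-time code in the custom field "reset_password|<email>" and mails
     * a link carrying the address (e) and the code (c).
     * Step 2 (GET e and c, then POST reset_1 + reset_2): checks the code against the
     * stored value, writes the new password and deletes the stored code.
     *
     * Uses the globals $db, $mail and $lang, prints HTML directly and returns nothing.
     */
    function OS_ForgotPassword()
    {
        $errors = "";
        global $db;
        global $mail;
        global $lang;
        // One pattern for both steps. It restricts $email to letters, digits and
        // ". _ % + - @", which is what keeps the string-built WHERE clause of the
        // $db->update() call below free of quote characters.
        $emailPattern = "/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}\$/i";
        if (isset($_POST["reset_password"]) and isset($_POST["reset_password_submit"])) {
            $email = EscapeStr(trim($_POST["reset_password"]));
            // Per-session throttle only: it never expires and a new session bypasses it.
            if (isset($_SESSION["password_send"])) {
                $errors .= "<h4>You have already sent a request to reset the password. Please check your mail.</h4>";
            }
            if (!preg_match($emailPattern, $email)) {
                $errors .= "<h4>Invalid Email address</h4>";
            }
            if (empty($errors)) {
                $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE user_email = :email LIMIT 1 ");
                $sth->bindValue(':email', $email, PDO::PARAM_STR);
                $result = $sth->execute();
                // NOTE(review): this message tells the caller whether an address is
                // registered; a neutral "if the address exists, a mail was sent" reply
                // would avoid account enumeration.
                if ($sth->rowCount() <= 0) {
                    $errors .= "<h4>Email address does not exist in our database.</h4>";
                }
                if (empty($errors)) {
                    // NOTE(review): generate_hash() is defined elsewhere; this code is the
                    // only secret protecting the reset, so confirm it comes from a CSPRNG.
                    // No expiry is stored with it here.
                    $code = generate_hash(16);
                    OS_add_custom_field(0, 'reset_password|' . $email, $code);
                    // require_once: a second include of the class file would be fatal.
                    require_once "inc/class.phpmailer.php";
                    $message = "You have requested a password reset.<br />";
                    $message .= "Click on the link below to reset your password:<br /><br />";
                    // The pattern allows "+" and "%" in the address; unencoded they would be
                    // decoded to a different value when the link is opened.
                    $message .= OS_HOME . "?action=reset_password&e=" . rawurlencode($email) . "&c=" . rawurlencode($code) . "<br /><br />";
                    $message .= "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br />";
                    $message .= "If you did not request a password reset just ignore this email and delete it.<br />";
                    $mail = new PHPMailer();
                    $mail->CharSet = 'UTF-8';
                    $mail->ContentType = 'text/plain';
                    $mail->IsHTML(true);
                    $mail->SetFrom($lang["email_from"], $lang["email_from_full"]);
                    //$mail->AddReplyTo( $lang["email_from"], $lang["email_from_full"] );
                    $mail->AddAddress($email, "");
                    $mail->Subject = "Password reset!";
                    $mail->MsgHTML($message);
                    $mail->AltBody = "This is the body in plain text for non-HTML mail clients";
                    // The result of Send() is not checked; the success text below is shown either way.
                    $mail->Send();
                    $_SESSION["password_send"] = time();
                    //Not error, just a message
                    $errors = "<h4>You have successfully submitted a request to reset your password. Please check your mail.</h4>";
                }
            }
        }
        ?>
<div id="content" class="s-c-x">
<div class="wrapper">   
    <div id="main-column">
     <div class="padding">
      <div class="inner">
	  <h2>Reset password</h2>
	  <div class="padTop"></div>
	  
	  <?php 
        // $errors holds only fixed strings built above, never request data.
        if (isset($errors) and !empty($errors)) {
            echo $errors;
        }
        ?>
	  <?php 
        if (!isset($_GET["c"]) and !isset($_GET["e"])) {
            ?>
	  <form action="" method="post">
	  <table style="width:800px;">
	    <tr class="row">
		  <td></td>
		  <td>
		  <b>You can't retrieve your password, but you can set a new one by following a link sent to you by email.</b>
		  <div>- This is the email address you used to register on the site.</div>
		  <div>- If you do not receive an email, check your "Spam" folder.</div>
		  </td>
		</tr>
	    <tr class="row">
		  <td width="120" class="padLeft">Email address:</td>
		  <td class="padLeft">
		    <input type="text" name="reset_password" size="39" value="" style="height:26px;" />
		  </td>
		</tr>
	    <tr class="row">
		  <td width="120" class="padLeft"></td>
		  <td class="padLeft"><input type="submit" name="reset_password_submit" class="menuButtons" value="Send" />
		  <div class="padBottom"></div>
		  </td>
		</tr>
	  </table>
	  </form>
	  <?php 
        } else {
            // A missing parameter is replaced by a random value so that the checks
            // below fail instead of running on an empty string.
            if (isset($_GET["e"])) {
                $email = EscapeStr(trim($_GET["e"]));
            } else {
                $email = generate_hash(12);
            }
            if (isset($_GET["c"])) {
                $code = EscapeStr(trim($_GET["c"]));
            } else {
                $code = generate_hash(12);
            }
            if (!preg_match($emailPattern, $email)) {
                $errors .= "<h4>Invalid Email address</h4>";
            }
            if (empty($errors)) {
                $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE user_email = :email LIMIT 1 ");
                $sth->bindValue(':email', $email, PDO::PARAM_STR);
                $result = $sth->execute();
                if ($sth->rowCount() <= 0) {
                    $errors .= "<h4>Email address does not exist in our database.</h4>";
                }
            }
            if (empty($errors)) {
                $value = OS_get_custom_field(0, 'reset_password|' . $email);
                // Strict, constant-time comparison (hash_equals, PHP >= 5.6). The loose
                // "!=" it replaces applies type juggling, so a non-string stored value
                // or two numeric-looking strings could compare equal.
                if (!is_string($value) or strlen($code) <= 5 or !hash_equals($value, $code)) {
                    $errors .= "<h4>Link has expired, or the password has already been reset</h4>";
                }
            }
            //FINALLY RESET
            if (empty($errors) and isset($_POST["reset_1"]) and isset($_POST["reset_2"])) {
                // NOTE(review): strip_tags() changes passwords that contain "<";
                // kept because the login path may apply the same filter - confirm.
                $p1 = strip_tags($_POST["reset_1"]);
                $p2 = strip_tags($_POST["reset_2"]);
                if ($p1 != $p2) {
                    $errors .= "<h4>Both passwords are not the same</h4>";
                } elseif (strlen($p1) <= 2) {
                    // Same minimum as the registration form; without it an empty
                    // password could be set through the reset link.
                    $errors .= "<h4>" . $lang["error_short_pw"] . "</h4>";
                } else {
                    $hash = generate_hash(16, 1);
                    // NOTE(review): generate_password() is defined elsewhere; confirm it
                    // uses a password hashing function (password_hash or equivalent).
                    $password_db = generate_password($p1, $hash);
                    // The WHERE clause is still built by concatenation because update()
                    // takes it as a string; it is only reached after $email passed
                    // $emailPattern above. Prefer a bound parameter if update() supports one.
                    $result = $db->update(OSDB_USERS, array("user_password" => $password_db, "password_hash" => $hash), "user_email = '" . $email . "'");
                    //OS_delete_custom_field( 0, 'reset_password|'.$email , $code);
                    // Bound parameters instead of splicing the request-supplied code into the SQL text.
                    $delete = $db->prepare("DELETE FROM " . OSDB_CUSTOM_FIELDS . " WHERE field_value = :code AND field_name = :name LIMIT 1");
                    $delete->bindValue(':code', $code, PDO::PARAM_STR);
                    $delete->bindValue(':name', 'reset_password|' . $email, PDO::PARAM_STR);
                    $delete->execute();
                    $PasswordReset = 1;
                }
            }
            if (isset($errors) and !empty($errors)) {
                echo $errors;
            } else {
                if (isset($PasswordReset) and $PasswordReset == 1) {
                    ?>
	 <h2>Password has been successfully changed. Now you can log in.</h2>
	 <?php 
                } else {
                    ?>
	  <form action="" method="post">
	  	<table style="width:600px;">
	    <tr class="row">
		  <td class="padLeft">New password:</td>
		  <td class="padLeft"><input type="password" name="reset_1" size="6" value="" /></td>
		</tr>
	    <tr class="row">
		  <td class="padLeft">Repeat password:</td>
		  <td class="padLeft"><input type="password" name="reset_2" size="6" value="" /></td>
		</tr>
	    <tr class="row">
		  <td width="120" class="padLeft"></td>
		  <td class="padLeft"><input type="submit" name="reset_pw" class="menuButtons" value="Reset your password" />
		  <div class="padBottom"></div>
		  </td>
		</tr>
	    </table>
		
	  </form>
	  <?php 
                }
            }
        }
        ?>
	  
	  <div style="height:260px;"></div>
	  </div>
    </div>
   </div>
 </div>
</div>
   <?php 
    }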
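// Custom-field key (stored under id 1) that holds the announcements settings as
// one tab-separated string: "repeat<TAB><time><TAB>lobby<TAB><lobby>".
// NOTE(review): no access guard or CSRF token is visible in this fragment; the
// sibling plugin pages start with an isset($website) guard - confirm one precedes this.
$field_name = "oh_announcements_config";
if (isset($_POST["a_saved"]) and isset($_POST["a_time"])) {
    // The (int) cast already forces a number, so only the range needs checking.
    // Presumably minutes, given the 60 * 24 upper bound - confirm.
    $time = (int) strip_tags(trim($_POST["a_time"]));
    if ($time < 0 or $time > 60 * 24) {
        $time = 30;
    }
    // a_lobby may be absent from the request; treat that as an empty value.
    $lobby = isset($_POST["a_lobby"]) ? strip_tags(trim($_POST["a_lobby"])) : "";
    // Tabs and line breaks would shift the fields of the tab-separated record.
    $lobby = str_replace(array("\t", "\r", "\n"), " ", $lobby);
    $data = "repeat\t{$time}\tlobby\t{$lobby}";
    OS_add_custom_field(1, $field_name, $data);
    $saved = 1;
    OS_AddLog($_SESSION["username"], "[os_announcements] Edited Announcements Config");
}
// Read the stored record back; index 1 is the repeat time, index 3 the lobby value.
$config = OS_get_custom_field(1, $field_name);
$cfg = explode("\t", $config);
$time = isset($cfg[1]) ? $cfg[1] : 30;
$lby = isset($cfg[3]) ? $cfg[3] : 0;
// $time and $lby come from storage as strings; escape them where they are printed.
?>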
<form action="" method="post">
<h2>Announcements configuration</h2>
<table>
     $registration_errors .= "<div>" . $lang["error_username"] . "</div>";
 }
 //die($registration_errors." - ".$username);
 if (!preg_match("/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}\$/i", $email)) {
     $registration_errors .= "<div>" . $lang["error_email"] . "</div>";
 }
 if (strlen($username) <= 2) {
     $registration_errors .= "<div>" . $lang["error_short_un"] . "</div>";
 }
 if (strlen($password) <= 2) {
     $registration_errors .= "<div>" . $lang["error_short_pw"] . "</div>";
 }
 if ($password != $password2) {
     $registration_errors .= "<div>" . $lang["error_passwords"] . "</div>";
 }
 $BannedEmails = OS_get_custom_field(1, "oh_banemail");
 if (!empty($BannedEmails) and empty($errors)) {
     $BanEmail = explode(",", $BannedEmails);
     $UserEmail = explode("@", $email);
     if (isset($UserEmail[1])) {
         $CheckEmail = trim($UserEmail[1]);
     } else {
         $CheckEmail = "";
     }
     if (!empty($CheckEmail)) {
         foreach ($BanEmail as $em) {
             $CheckEmail = strtolower(trim($CheckEmail));
             $em = strtolower(trim($em));
             if ($CheckEmail == $em) {
                 $registration_errors .= "<div>" . $lang["error_email_banned"] . "</div>";
             }
Example #4
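    /**
     * Prints two extra table rows on the profile page: the user's realm username
     * and birthday, both read from the custom fields of the user id given in
     * $_GET["id"]. Prints nothing unless the current action is "profile" and the
     * id is numeric.
     */
    function OS_DisplayCustomField()
    {
        global $db;
        //FUNCTION: OS_GetAction
        //OS_GetAction is $_GET["action"]
        //OS_GetAction("profile") same as $_GET["action"] == "profile";
        if (OS_GetAction("profile") and isset($_GET["id"]) and is_numeric($_GET["id"])) {
            $uid = (int) $_GET["id"];
            $RealmUn = OS_get_custom_field($uid, "realm_username");
            $UserBirth = OS_get_custom_field($uid, "user_birthday");
            $UserBirth = str_replace("-", " ", $UserBirth);
            // Both values are profile data shown to any visitor of the page, so they
            // are HTML-escaped on output. double_encode is off so that values which
            // were already entity-encoded when stored are not encoded twice.
            ?>
	<tr>
	    <td width="130" class="padLeft"><b>Realm username:</b></td>
		<td><?php 
            echo htmlspecialchars((string) $RealmUn, ENT_QUOTES, 'UTF-8', false);
            ?>
</td>
	</tr>
	<tr>
	    <td width="130" class="padLeft"><b>Birthday:</b></td>
		<td><?php 
            echo htmlspecialchars((string) $UserBirth, ENT_QUOTES, 'UTF-8', false);
            ?>
</td>
	</tr>
	<?php 
        }
    }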
Example #5
<?php

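// Direct-access guard: $website is expected to be set by the including page.
// NOTE(review): this only blocks direct requests to the file; it is not an
// authorization check, and the form below carries no CSRF token - confirm the
// including page enforces admin access.
if (!isset($website)) {
    header('HTTP/1.1 404 Not Found');
    die;
}
// Custom-field key (stored under id 1) holding the word-filter list.
$field_name = "oh_badwords";
if (isset($_POST["submit_wf"]) and isset($_POST["bad_words"])) {
    $words = strip_tags(trim($_POST["bad_words"]));
    OS_add_custom_field(1, $field_name, $words);
    $saved = 1;
    OS_AddLog($_SESSION["username"], "[os_badwords] Edited Bad words");
}
$badwords = OS_get_custom_field(1, $field_name);
?>
<div align="center"> 
<h2>Word Filter</h2>
<form action="" method="post">
  <textarea rows="10" cols="60" name="bad_words"><?php 
// Escaped on output rather than trusting the strip_tags() applied on save;
// double_encode is off in case the value was entity-encoded when stored.
echo htmlspecialchars((string) $badwords, ENT_QUOTES, 'UTF-8', false);
?>
</textarea>
  
  <div>
    <input type="submit" value="Save word filter" name="submit_wf" class="menuButtons" />
  </div>
</form>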

<?php 
if (isset($saved)) {
    ?>
Example #6
<?php

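// Direct-access guard: $website is expected to be set by the including page.
// NOTE(review): this only blocks direct requests to the file; it is not an
// authorization check - confirm the including page enforces admin access.
if (!isset($website)) {
    header('HTTP/1.1 404 Not Found');
    die;
}
// Custom-field key (stored under id 1) holding the comma-separated ban list.
$field_name = "oh_banemail";
if (isset($_POST["submit_be"]) and isset($_POST["bad_email"])) {
    $words = strip_tags(trim($_POST["bad_email"]));
    OS_add_custom_field(1, $field_name, $words);
    $saved = 1;
    // The audit entry used to read "Edited Bad words" (copied from the word-filter
    // page), which mislabelled this action in the log.
    OS_AddLog($_SESSION["username"], "[oh_banemail] Edited Banned emails");
}
$banemails = OS_get_custom_field(1, $field_name);
?>
<div align="center"> 
<h2>Ban Email Address</h2>

<?php 
if (!empty($banemails)) {
    // Count only non-empty entries, so a trailing or doubled comma is not
    // reported as a banned address.
    $entries = array_filter(array_map('trim', explode(",", $banemails)), 'strlen');
    $total = count($entries);
    ?>
<div><b>Banned:</b> <?php 
    echo $total;
    ?>
 email addresses</div>
<?php 
}
?>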

<form action="" method="post">
<?php

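// Direct-access guard: $website is expected to be set by the including page.
// NOTE(review): this only blocks direct requests to the file; it is not an
// authorization check, and the form below carries no CSRF token - confirm the
// including page enforces admin access.
if (!isset($website)) {
    header('HTTP/1.1 404 Not Found');
    die;
}
// Custom-field key (stored under id 1) holding the banned name partials.
$field_name = "oh_bannednamepartials";
if (isset($_POST["submit_bn"]) and isset($_POST["BannedNames"])) {
    $words = strip_tags(trim($_POST["BannedNames"]));
    OS_add_custom_field(1, $field_name, $words);
    $saved = 1;
    OS_AddLog($_SESSION["username"], "[oh_bannednamepartials] Edited Banned names");
}
$BannedNames = OS_get_custom_field(1, $field_name);
?>
<div align="center"> 
<h2>Banned names</h2>
<form action="" method="post">
  <textarea rows="10" cols="60" name="BannedNames"><?php 
// Escaped on output rather than trusting the strip_tags() applied on save;
// double_encode is off in case the value was entity-encoded when stored.
echo htmlspecialchars((string) $BannedNames, ENT_QUOTES, 'UTF-8', false);
?>
</textarea>
  
  <div>
    <input type="submit" value="Save word filter" name="submit_bn" class="menuButtons" />
  </div>
</form>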

<?php 
if (isset($saved)) {
    ?>