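/**
 * Renders the "Reset password" page and handles both halves of the reset flow.
 *
 * Step 1 (POST reset_password + reset_password_submit): validates the address,
 * stores a one-time code in the custom-field table under
 * 'reset_password|<email>' and mails a link carrying the address and the code.
 * Step 2 (GET e and/or c, optionally POST reset_1 + reset_2): re-checks the
 * address and the code on every request and, when both passwords match, writes
 * the new password hash and deletes the code.
 *
 * Reads $_POST, $_GET and $_SESSION, echoes HTML directly and returns nothing.
 *
 * NOTE(review): the "does not exist in our database" message lets a caller tell
 * registered addresses from unregistered ones, and nothing in this function
 * gives the stored code an expiry time. Confirm whether either is handled
 * elsewhere in the project.
 */
function OS_ForgotPassword()
{
    $errors = "";
    global $db;
    global $mail;
    global $lang;

    // Same address pattern as before; the D modifier stops "$" from also
    // matching before a trailing newline.
    $emailPattern = "/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}\$/iD";

    // ---- Step 1: request a reset link -------------------------------------
    if (isset($_POST["reset_password"]) and is_string($_POST["reset_password"]) and isset($_POST["reset_password_submit"])) {
        $email = EscapeStr(trim($_POST["reset_password"]));

        if (isset($_SESSION["password_send"])) {
            $errors .= "<h4>You have already sent a request to reset the password. Please check your mail.</h4>";
        }
        if (!preg_match($emailPattern, $email)) {
            $errors .= "<h4>Invalid Email address</h4>";
        }

        if (empty($errors)) {
            $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE user_email = :email LIMIT 1 ");
            $sth->bindValue(':email', $email, PDO::PARAM_STR);
            $sth->execute();
            if ($sth->rowCount() <= 0) {
                $errors .= "<h4>Email address does not exist in our database.</h4>";
            }

            if (empty($errors)) {
                $code = generate_hash(16);
                OS_add_custom_field(0, 'reset_password|' . $email, $code);

                // require_once: a second call in the same request must not redeclare the class.
                require_once "inc/class.phpmailer.php";

                $message = "You have requested a password reset.<br />";
                $message .= "Click on the link below to reset your password:<br /><br />";
                // Both values are URL-encoded: the address pattern allows "+" and "%",
                // which would otherwise be decoded to something else when the link is opened.
                $message .= OS_HOME . "?action=reset_password&e=" . rawurlencode($email) . "&c=" . rawurlencode($code) . "<br /><br />";
                $message .= "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br />";
                $message .= "If you did not request a password reset just ignore this email and delete it.<br />";

                $mail = new PHPMailer();
                $mail->CharSet = 'UTF-8';
                $mail->ContentType = 'text/plain';
                $mail->IsHTML(true);
                $mail->SetFrom($lang["email_from"], $lang["email_from_full"]);
                //$mail->AddReplyTo( $lang["email_from"], $lang["email_from_full"] );
                $mail->AddAddress($email, "");
                $mail->Subject = "Password reset!";
                $mail->MsgHTML($message);
                $mail->AltBody = "This is the body in plain text for non-HTML mail clients";
                // NOTE(review): the result of Send() is not checked, so a failed delivery
                // is still reported to the user as success.
                $mail->Send();

                // Presence of this key is what blocks a second request from the same session.
                $_SESSION["password_send"] = time();

                // Not an error, just a message shown through the same channel.
                $errors = "<h4>You have successfully submitted a request to reset your password. \nPlease check your mail.</h4>";
            }
        }
    }
    ?>
    <div id="content" class="s-c-x">
      <div class="wrapper">
        <div id="main-column">
          <div class="padding">
            <div class="inner">
              <h2>Reset password</h2>
              <div class="padTop"></div>
              <?php if (!empty($errors)) { echo $errors; } ?>
              <?php if (!isset($_GET["c"]) and !isset($_GET["e"])) { ?>
              <form action="" method="post">
                <table style="width:800px;">
                  <tr class="row">
                    <td></td>
                    <td>
                      <b>You can't retrieve your password, but you can set a new one by following a link sent to you by email.</b>
                      <div>- This is the email address you used to register on the site.</div>
                      <div>- If you do not receive an email, check your "Spam" folder.</div>
                    </td>
                  </tr>
                  <tr class="row">
                    <td width="120" class="padLeft">Email address:</td>
                    <td class="padLeft">
                      <input type="text" name="reset_password" size="39" value="" style="height:26px;" />
                    </td>
                  </tr>
                  <tr class="row">
                    <td width="120" class="padLeft"></td>
                    <td class="padLeft"><input type="submit" name="reset_password_submit" class="menuButtons" value="Send" />
                      <div class="padBottom"></div>
                    </td>
                  </tr>
                </table>
              </form>
              <?php
              } else {
                  // ---- Step 2: follow the mailed link ------------------------------
                  // A missing or non-string parameter is replaced by a random value,
                  // which then fails the checks below.
                  $email = (isset($_GET["e"]) && is_string($_GET["e"])) ? EscapeStr(trim($_GET["e"])) : generate_hash(12);
                  $code = (isset($_GET["c"]) && is_string($_GET["c"])) ? EscapeStr(trim($_GET["c"])) : generate_hash(12);

                  if (!preg_match($emailPattern, $email)) {
                      $errors .= "<h4>Invalid Email address</h4>";
                  }

                  if (empty($errors)) {
                      $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE user_email = :email LIMIT 1 ");
                      $sth->bindValue(':email', $email, PDO::PARAM_STR);
                      $sth->execute();
                      if ($sth->rowCount() <= 0) {
                          $errors .= "<h4>Email address does not exist in our database.</h4>";
                      }
                  }

                  if (empty($errors)) {
                      $value = OS_get_custom_field(0, 'reset_password|' . $email);
                      $stored = is_scalar($value) ? (string) $value : "";
                      $supplied = (string) $code;

                      // Compare as strings. The loose "!=" used before treats numeric-looking
                      // strings such as "1e3" and "1000" as equal, so a code that merely
                      // looked like the stored one could pass. hash_equals is used when
                      // available so the comparison time does not depend on the content.
                      if (function_exists('hash_equals')) {
                          $codeMatches = hash_equals($stored, $supplied);
                      } else {
                          $codeMatches = ($stored === $supplied);
                      }

                      if ($stored === "" or strlen($supplied) <= 5 or !$codeMatches) {
                          $errors .= "<h4>Link has expired, or the password has already been reset</h4>";
                      }
                  }

                  // FINALLY RESET
                  if (empty($errors) and isset($_POST["reset_1"]) and isset($_POST["reset_2"])) {
                      $p1 = is_string($_POST["reset_1"]) ? strip_tags($_POST["reset_1"]) : "";
                      $p2 = is_string($_POST["reset_2"]) ? strip_tags($_POST["reset_2"]) : "";

                      if ($p1 !== $p2) {
                          // Strict comparison: "!=" would accept two different numeric-looking passwords.
                          $errors .= "<h4>Both passwords are not the same</h4>";
                      } elseif (strlen($p1) <= 2) {
                          // Same minimum length the registration check applies; without it an
                          // empty pair of fields would set an empty password.
                          $errors .= "<h4>" . (isset($lang["error_short_pw"]) ? $lang["error_short_pw"] : "Password is too short") . "</h4>";
                      } else {
                          $hash = generate_hash(16, 1);
                          $password_db = generate_password($p1, $hash);

                          // Bound parameters instead of values concatenated into the SQL text,
                          // so the statements stay safe even if the validation above changes.
                          $upd = $db->prepare("UPDATE " . OSDB_USERS . " SET user_password = :pw, password_hash = :hash WHERE user_email = :email");
                          $upd->bindValue(':pw', $password_db, PDO::PARAM_STR);
                          $upd->bindValue(':hash', $hash, PDO::PARAM_STR);
                          $upd->bindValue(':email', $email, PDO::PARAM_STR);
                          $upd->execute();

                          // The code is single-use: remove it once the password has been written.
                          $del = $db->prepare("DELETE FROM " . OSDB_CUSTOM_FIELDS . " WHERE field_value = :code AND field_name = :name LIMIT 1");
                          $del->bindValue(':code', $code, PDO::PARAM_STR);
                          $del->bindValue(':name', 'reset_password|' . $email, PDO::PARAM_STR);
                          $del->execute();

                          $PasswordReset = 1;
                      }
                  }

                  if (!empty($errors)) {
                      echo $errors;
                  } else {
                      if (isset($PasswordReset) and $PasswordReset == 1) {
                          ?>
              <h2>Password has been successfully changed. Now you can log in.</h2>
                          <?php
                      } else {
                          ?>
              <form action="" method="post">
                <table style="width:600px;">
                  <tr class="row">
                    <td class="padLeft">New password:</td>
                    <td class="padLeft"><input type="password" name="reset_1" size="6" value="" /></td>
                  </tr>
                  <tr class="row">
                    <td class="padLeft">Repeat password:</td>
                    <td class="padLeft"><input type="password" name="reset_2" size="6" value="" /></td>
                  </tr>
                  <tr class="row">
                    <td width="120" class="padLeft"></td>
                    <td class="padLeft"><input type="submit" name="reset_pw" class="menuButtons" value="Reset your password" />
                      <div class="padBottom"></div>
                    </td>
                  </tr>
                </table>
              </form>
                          <?php
                      }
                  }
              }
              ?>
              <div style="height:260px;"></div>
            </div>
          </div>
        </div>
      </div>
    </div>
    <?php
}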
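// Announcements settings: saves the posted repeat interval and lobby value as
// one tab-separated custom field ("repeat<TAB>minutes<TAB>lobby<TAB>value"),
// then reads the stored record back for the form that follows.
// NOTE(review): this fragment shows no access check and no CSRF token; confirm
// the including page enforces both before this code runs.
$field_name = "oh_announcements_config";

if (isset($_POST["a_saved"]) and isset($_POST["a_time"])) {
    $rawTime = is_string($_POST["a_time"]) ? strip_tags(trim($_POST["a_time"])) : "";

    // The numeric test has to run before the cast: after "(int)" the value is
    // always numeric, so non-numeric input used to become 0 instead of 30.
    $time = is_numeric($rawTime) ? (int) $rawTime : 30;
    if ($time < 0 or $time > 60 * 24) {
        $time = 30;
    }

    // a_lobby may be absent from the request; treat that as an empty value.
    $lobby = (isset($_POST["a_lobby"]) && is_string($_POST["a_lobby"])) ? strip_tags(trim($_POST["a_lobby"])) : "";
    // Tab is the field separator of the stored record, so it must not appear inside a value.
    $lobby = str_replace("\t", " ", $lobby);

    $data = "repeat\t{$time}\tlobby\t{$lobby}";
    OS_add_custom_field(1, $field_name, $data);
    $saved = 1;
    OS_AddLog($_SESSION["username"], "[os_announcements] Edited Announcements Config");
}

// Read the record back; the cast keeps explode() away from a null/false result.
$config = OS_get_custom_field(1, $field_name);
$cfg = explode("\t", (string) $config);

$time = isset($cfg[1]) ? $cfg[1] : 30;
$lby = isset($cfg[3]) ? $cfg[3] : 0;
?> <form action="" method="post"> <h2>Announcements configuration</h2> <table>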
$registration_errors .= "<div>" . $lang["error_username"] . "</div>"; } //die($registration_errors." - ".$username); if (!preg_match("/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}\$/i", $email)) { $registration_errors .= "<div>" . $lang["error_email"] . "</div>"; } if (strlen($username) <= 2) { $registration_errors .= "<div>" . $lang["error_short_un"] . "</div>"; } if (strlen($password) <= 2) { $registration_errors .= "<div>" . $lang["error_short_pw"] . "</div>"; } if ($password != $password2) { $registration_errors .= "<div>" . $lang["error_passwords"] . "</div>"; } $BannedEmails = OS_get_custom_field(1, "oh_banemail"); if (!empty($BannedEmails) and empty($errors)) { $BanEmail = explode(",", $BannedEmails); $UserEmail = explode("@", $email); if (isset($UserEmail[1])) { $CheckEmail = trim($UserEmail[1]); } else { $CheckEmail = ""; } if (!empty($CheckEmail)) { foreach ($BanEmail as $em) { $CheckEmail = strtolower(trim($CheckEmail)); $em = strtolower(trim($em)); if ($CheckEmail == $em) { $registration_errors .= "<div>" . $lang["error_email_banned"] . "</div>"; }
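/**
 * Prints two extra profile table rows (realm username and birthday) for the
 * user whose numeric id is given in $_GET["id"].
 *
 * Does nothing unless the current action is "profile" and the id is numeric.
 * Both values come from stored custom fields and are HTML-encoded on output,
 * so markup saved in a profile field is shown as text instead of being
 * interpreted by the browser.
 */
function OS_DisplayCustomField()
{
    global $db;

    // OS_GetAction("profile") is the same test as $_GET["action"] == "profile".
    if (OS_GetAction("profile") and isset($_GET["id"]) and is_numeric($_GET["id"])) {
        $uid = (int) $_GET["id"];

        $RealmUn = OS_get_custom_field($uid, "realm_username");
        $UserBirth = OS_get_custom_field($uid, "user_birthday");
        $UserBirth = str_replace("-", " ", (string) $UserBirth);

        // double_encode is off so values that were stored already entity-encoded
        // render the same as before.
        $RealmUnHtml = htmlspecialchars((string) $RealmUn, ENT_QUOTES, 'UTF-8', false);
        $UserBirthHtml = htmlspecialchars($UserBirth, ENT_QUOTES, 'UTF-8', false);
        ?>
        <tr>
          <td width="130" class="padLeft"><b>Realm username:</b></td>
          <td><?php echo $RealmUnHtml; ?> </td>
        </tr>
        <tr>
          <td width="130" class="padLeft"><b>Birthday:</b></td>
          <td><?php echo $UserBirthHtml; ?> </td>
        </tr>
        <?php
    }
}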
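<?php
// Word-filter admin page: stores the posted list in the "oh_badwords" custom
// field and shows the current list in a textarea.
// Refuse to run unless $website is set (presumably by the including page;
// confirm), so the file cannot be requested on its own.
if (!isset($website)) {
    header('HTTP/1.1 404 Not Found');
    die;
}

$field_name = "oh_badwords";

// is_string guards trim()/strip_tags() against an array-valued parameter.
if (isset($_POST["submit_wf"]) and isset($_POST["bad_words"]) and is_string($_POST["bad_words"])) {
    $words = strip_tags(trim($_POST["bad_words"]));
    OS_add_custom_field(1, $field_name, $words);
    $saved = 1;
    OS_AddLog($_SESSION["username"], "[os_badwords] Edited Bad words");
}

$badwords = OS_get_custom_field(1, $field_name);

// Encode on output: the stored value may have been written by code other than
// the strip_tags() path above, and a raw "</textarea>" would end the field.
// double_encode is off so already-encoded entities display as before.
$badwordsHtml = htmlspecialchars((string) $badwords, ENT_QUOTES, 'UTF-8', false);
?> <div align="center"> <h2>Word Filter</h2> <form action="" method="post"> <textarea rows="10" cols="60" name="bad_words"><?php echo $badwordsHtml; ?> </textarea> <div> <input type="submit" value="Save word filter" name="submit_wf" class="menuButtons" /> </div> </form> <?php if (isset($saved)) { ?>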
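<?php
// Ban-email admin page: stores the posted comma-separated list in the
// "oh_banemail" custom field and shows how many entries it holds.
// Refuse to run unless $website is set (presumably by the including page;
// confirm), so the file cannot be requested on its own.
if (!isset($website)) {
    header('HTTP/1.1 404 Not Found');
    die;
}

$field_name = "oh_banemail";

// is_string guards trim()/strip_tags() against an array-valued parameter.
if (isset($_POST["submit_be"]) and isset($_POST["bad_email"]) and is_string($_POST["bad_email"])) {
    $words = strip_tags(trim($_POST["bad_email"]));
    OS_add_custom_field(1, $field_name, $words);
    $saved = 1;
    // The audit entry names what was edited; the previous text said "Bad words",
    // copied from the word-filter page.
    OS_AddLog($_SESSION["username"], "[oh_banemail] Edited Banned emails");
}

$banemails = OS_get_custom_field(1, $field_name);
?> <div align="center"> <h2>Ban Email Address</h2> <?php
if (!empty($banemails)) {
    // Count only non-empty entries so a trailing comma or blank item does not inflate the total.
    $total = count(array_filter(array_map('trim', explode(",", (string) $banemails)), 'strlen'));
    ?> <div><b>Banned:</b> <?php echo $total; ?> email addresses</div> <?php
}
?> <form action="" method="post">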
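<?php
// Banned-names admin page: stores the posted list in the
// "oh_bannednamepartials" custom field and shows the current list in a textarea.
// Refuse to run unless $website is set (presumably by the including page;
// confirm), so the file cannot be requested on its own.
if (!isset($website)) {
    header('HTTP/1.1 404 Not Found');
    die;
}

$field_name = "oh_bannednamepartials";

// is_string guards trim()/strip_tags() against an array-valued parameter.
if (isset($_POST["submit_bn"]) and isset($_POST["BannedNames"]) and is_string($_POST["BannedNames"])) {
    $words = strip_tags(trim($_POST["BannedNames"]));
    OS_add_custom_field(1, $field_name, $words);
    $saved = 1;
    OS_AddLog($_SESSION["username"], "[oh_bannednamepartials] Edited Banned names");
}

$BannedNames = OS_get_custom_field(1, $field_name);

// Encode on output: the stored value may have been written by code other than
// the strip_tags() path above, and a raw "</textarea>" would end the field.
// double_encode is off so already-encoded entities display as before.
$BannedNamesHtml = htmlspecialchars((string) $BannedNames, ENT_QUOTES, 'UTF-8', false);
?> <div align="center"> <h2>Banned names</h2> <form action="" method="post"> <textarea rows="10" cols="60" name="BannedNames"><?php echo $BannedNamesHtml; ?> </textarea> <div> <input type="submit" value="Save word filter" name="submit_bn" class="menuButtons" /> </div> </form> <?php if (isset($saved)) { ?>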