function authenticate($username, $password)
{
$encrypted_old = md5($password);
$row = dbFetchRow('SELECT username,password FROM `users` WHERE `username`= ?', array($username), true);
if ($row['username'] && $row['username'] == $username) {
// Migrate from old, unhashed password
if ($row['password'] == $encrypted_old) {
$row_type = dbFetchRow('DESCRIBE users password');
if ($row_type['Type'] == 'varchar(34)') {
changepassword($username, $password);
}
return 1;
} else {
if (substr($row['password'], 0, 3) == '$1$') {
$row_type = dbFetchRow('DESCRIBE users password');
if ($row_type['Type'] == 'varchar(60)') {
if ($row['password'] == crypt($password, $row['password'])) {
changepassword($username, $password);
}
}
}
}
$hasher = new PasswordHash(8, false);
if ($hasher->CheckPassword($password, $row['password'])) {
return 1;
}
}
//end if
return 0;
}
function authenticate($username, $password)
{
$encrypted_old = md5($password);
$row = dbFetchRow("SELECT username,password FROM `users` WHERE `username`= ?", array($username));
if ($row['username'] && $row['username'] == $username) {
// Migrate from old, unhashed password
if ($row['password'] == $encrypted_old) {
$row = dbFetchRow("DESCRIBE users password");
if ($row['Type'] == 'varchar(34)') {
changepassword($username, $password);
}
return 1;
}
if ($row['password'] == crypt($password, $row['password'])) {
return 1;
}
}
return 0;
}
/*$controlquery = doquery("SELECT * FROM {{table}} WHERE id='1' LIMIT 1", "control");
$controlrow = mysql_fetch_array($controlquery);*/
include 'lib.php';
$link = opendb();
include 'cookies.php';
$userrow = checkcookies();
if (isset($_GET["do"])) {
$do = $_GET["do"];
if ($do == "register") {
register();
} elseif ($do == "verify") {
verify();
} elseif ($do == "lostpassword") {
lostpassword();
} elseif ($do == "changepassword") {
changepassword();
} elseif ($do == "doardinheiro") {
doardinheiro();
} elseif ($do == "banco") {
banco();
} elseif ($do == "doaritem") {
doaritem();
} elseif ($do == "troca1") {
troca1();
} elseif ($do == "troca2") {
troca2();
} elseif ($do == "troca3") {
troca3();
} elseif ($do == "troca4") {
troca4();
} elseif ($do == "batalha1") {
<?php
$no_refresh = true;
$pagetitle[] = 'Preferences';
echo '<h3>User Preferences</h3>';
if ($_SESSION['userlevel'] == 11) {
demo_account();
} else {
if ($_POST['action'] == 'changepass') {
if (authenticate($_SESSION['username'], $_POST['old_pass'])) {
if ($_POST['new_pass'] == '' || $_POST['new_pass2'] == '') {
$changepass_message = 'Password must not be blank.';
} else {
if ($_POST['new_pass'] == $_POST['new_pass2']) {
changepassword($_SESSION['username'], $_POST['new_pass']);
$changepass_message = 'Password Changed.';
} else {
$changepass_message = "Passwords don't match.";
}
}
} else {
$changepass_message = 'Incorrect password';
}
}
include 'includes/update-preferences-password.inc.php';
echo "<div class='well'>";
if (passwordscanchange($_SESSION['username'])) {
echo '<h3>Change Password</h3>';
echo $changepass_message;
echo "<form method='post' action='preferences/' class='form-horizontal' role='form'>\n <input type=hidden name='action' value='changepass'>\n <div class='form-group'>\n <label for='old_pass' class='col-sm-2 control-label'>Old Password</label>\n <div class='col-sm-4'>\n <input type=password name=old_pass autocomplete='off' class='form-control input-sm'>\n </div>\n <div class='col-sm-6'>\n </div>\n </div>\n <div class='form-group'>\n <label for='new_pass' class='col-sm-2 control-label'>New Password</label>\n <div class='col-sm-4'>\n <input type=password name=new_pass autocomplete='off' class='form-control input-sm'>\n </div>\n <div class='col-sm-6'>\n </div>\n </div>\n <div class='form-group'>\n <label for='new_pass2' class='col-sm-2 control-label'>New Password</label>\n <div class='col-sm-4'>\n <input type=password name=new_pass2 autocomplete='off' class='form-control input-sm'>\n </div>\n <div class='col-sm-6'>\n </div>\n </div>\n <button type='submit' class='btn btn-default'>Submit</button>\n</form>";
echo '</div>';
function writebody()
{
global $db, $domain, $suserid, $sitename, $cachelife, $template, $gamesfolder, $thumbsfolder, $limitboxgames, $seo_on, $blogentriesshown, $enabledcode_on, $comments_on, $directorypath, $autoapprovecomments, $gamesonpage, $abovegames, $belowgames, $showwebsitelimit, $supportemail, $showblog, $blogentriesshown, $blogcharactersshown, $blogcommentpermissions, $blogcommentsshown, $blogfollowtags, $blogcharactersrss, $usrdata, $userid, $avatar_on, $gender_on, $aimg, $fimg, $mimg;
if (!isset($suserid)) {
echo '<div class=\'error\'>Please login first.</div>';
return;
}
function changeavatar()
{
global $domain, $db, $usrdata, $seo_on, $template, $directorypath;
$userid = $usrdata['userid'];
if (isset($_POST['avatar'])) {
$avatar = clean($_POST['avatar']);
if ($avatar == 0) {
mysql_query("UPDATE fas_users SET avatar='{$avatar}', avatarfile='' WHERE userid='{$userid}'");
echo '<div class=\'msg\'>Profile updated</div>';
} else {
function findexts($filename)
{
$filename = strtolower($filename);
$exts = explode(".", $filename);
$n = count($exts) - 1;
$exts = $exts[$n];
return $exts;
}
if ($_FILES['uploaded']['size'] > 40000) {
echo '<div class=\'error\'>File size too big.</div>';
return;
}
$ext = findexts($_FILES['uploaded']['name']);
$os = array("gif", "jpg", "jpeg", "png");
if (!in_array($ext, $os)) {
echo '<div class=\'error\'>File type not allowed or no file selected!</div>';
return;
} else {
}
$ran = "avatar";
$ran3 = $usrdata['userid'];
$ran4 = $ran . $userid . '.';
$avatarfile = $ran4 . $ext;
//This assigns the subdirectory you want to save into... make sure it exists!
$target = $directorypath . "avatars/";
//This combines the directory, the userid, and the extension
$target = $target . $ran4 . $ext;
if (move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) {
echo '<div class=\'msg\'>The file has been uploaded.</div>';
mysql_query("UPDATE fas_users SET avatar='{$avatar}', avatarfile='{$avatarfile}' WHERE userid='{$userid}'");
} else {
echo '<div class=\'error\'>Sorry, there was a problem uploading your file.</div>';
}
}
} else {
if ($seo_on == 1) {
$curl1 = '' . $domain . '/myaccount/changeavatar/';
} else {
$curl1 = '' . $domain . '/index.php?action=myaccount&cmd=changeavatar';
}
echo '<table align=\'center\' width="100%">
<tr>
<td colspan=\'4\' class=\'header\'>Edit Avatar</td>
</tr>
<tr>
<td class=\'content\'>
<form enctype=\'multipart/form-data\' action=\'' . $curl1 . '\' method=\'POST\'>
Use Avatar?:
<select type=\'dropdown\' name=\'avatar\'>
<option value=\'0\'>No</option>
<option value=\'1\' >Yes</option>
</select>
<p>
Please choose a file: <input name=\'uploaded\' type=\'file\' /><br />
<input type=\'submit\' value=\'Upload\' />
</form>
</td>
</tr>
</table>';
}
}
function account()
{
global $domain, $db, $seo_on, $usrdata, $utemplate, $template, $avatar_on, $gender_on, $aimg, $fimg, $mimg;
if ($seo_on == 1) {
$url1 = '' . $domain . '/myaccount/favorites/';
$url2 = '' . $domain . '/myaccount/changepassword/';
$url3 = '' . $domain . '/myaccount/';
$url4 = '' . $domain . '/messages/';
$url5 = '' . $domain . '/myaccount/changeavatar/';
$url6 = '' . $domain . '/myaccount/changequestion/';
$url7 = '' . $domain . '/myaccount/changeemail/';
} else {
$url1 = '' . $domain . '/index.php?action=myaccount&cmd=favorites';
$url2 = '' . $domain . '/index.php?action=myaccount&cmd=changepassword';
$url3 = '' . $domain . '/index.php?action=myaccount';
$url4 = '' . $domain . '/index.php?action=messages';
$url5 = '' . $domain . '/index.php?action=myaccount&cmd=changeavatar';
$url6 = '' . $domain . '/index.php?action=myaccount&cmd=changequestion';
$url7 = '' . $domain . '/index.php?action=myaccount&cmd=changeemail';
}
if (isset($_POST['newsletter'])) {
$userid = $usrdata['userid'];
$newsletter = clean($_POST['newsletter']);
$utemplate = clean($_POST['template']);
$aim = clean($_POST['aim']);
$icq = clean($_POST['icq']);
$msn = clean($_POST['msn']);
$yim = clean($_POST['yim']);
$location = clean($_POST['location']);
$job = clean($_POST['job']);
$website = clean($_POST['website']);
$link1 = clean($_POST['link1']);
$link2 = clean($_POST['link2']);
$link3 = clean($_POST['link3']);
$link4 = clean($_POST['link4']);
$link5 = clean($_POST['link5']);
$link6 = clean($_POST['link6']);
$link7 = clean($_POST['link7']);
$link8 = clean($_POST['link8']);
$sex = clean($_POST['sex']);
$interests = clean($_POST['interests']);
$bio = clean($_POST['bio']);
$ip = $_SERVER['REMOTE_ADDR'];
mysql_query("UPDATE fas_users SET newsletter='{$newsletter}', template='{$utemplate}', aim='{$aim}', icq='{$icq}', msn='{$msn}', yim='{$yim}', location='{$location}',\njob='{$job}', website='{$website}', link1='{$link1}', link2='{$link2}', link3='{$link3}', link4='{$link4}', link5='{$link5}', link6='{$link6}', link7='{$link7}', link8='{$link8}', sex='{$sex}', interests='{$interests}', bio='{$bio}', ip='{$ip}' WHERE userid='{$userid}'");
echo '<div class=\'msg\'>Profile updated</div><p>';
}
$userid = $usrdata['userid'];
$ir = $db->query(sprintf('SELECT * FROM fas_users WHERE userid=\'%u\'', $userid));
$r2 = $db->fetch_row($ir);
$username = $r2['username'];
$plays = $r2['plays'];
$newsletter = $r2['newsletter'];
$utemplate = $r2['template'];
$aim = $r2['aim'];
$icq = $r2['icq'];
$msn = $r2['msn'];
$yim = $r2['yim'];
$location = $r2['location'];
$job = $r2['job'];
$website = $r2['website'];
$link1 = $r2['link1'];
$link2 = $r2['link2'];
$link3 = $r2['link3'];
$link4 = $r2['link4'];
$link5 = $r2['link5'];
$link6 = $r2['link6'];
$link7 = $r2['link7'];
$link8 = $r2['link8'];
$sex = $r2['sex'];
$interests = $r2['interests'];
$bio = $r2['bio'];
$avatar = $r2['avatar'];
$avatarfile = $r2['avatarfile'];
if ($newsletter == "yes") {
$nsel = "selected";
} else {
$nsel = "";
}
if ($sex == "m") {
$msel = "selected";
}
if ($sex == "f") {
$fsel = "selected";
}
$avatarfileurl = get_avatar($userid);
echo '<table align=\'center\' width="100%">
<tr>
<td colspan=\'4\' class=\'header\'>My Account</td>
</tr>
<tr>
<td class=\'content\' style=\'padding:3px;\'><img src=\'' . $domain . '/avatars/' . $avatarfileurl . '\' height=\'100\' width=\'100\' /></td>
<td colspan=\'3\' class=\'content\' style=\'padding:3px;\'><a href=\'' . $url1 . '\'>My Favorites</a> -
<a href=\'' . $url2 . '\'>Change Password</a> -
<a href= \'' . $url6 . '\'>Change security question/answer</a> -
<a href= \'' . $url7 . '\'>Change email</a> -
<a href= \'' . $url4 . '\'>Messages</a> -
<a href= \'' . $url5 . '\'>Change Avatar</a>
</td>
</tr>
<tr>
<form action="' . $url3 . '" method="POST">
<td class="content">Games Played:</td>
<td class="content">' . $plays . '</td>
</tr>
<tr>
<td class="content">Newsletter:</td>
<td class="content"><select type="dropdown" name="newsletter">
<option value="no">No</option>
<option value="yes" ' . $nsel . ' >Yes</option>
</select>
</td>
</tr>
<tr>
<td class="content">Template:</td>
<td class="content"><select type="dropdown" name="template">
<option value="default">default</option>';
$theme = "SELECT * FROM fas_themes WHERE `active`='1'";
$theme = sqlcache('themes', $cachelife, $theme);
foreach ($theme as $row2) {
if ($row2['name'] == $utemplate) {
$usel = "selected";
} else {
$usel = NULL;
}
echo "<option value=" . $row2['name'] . " " . $usel . " >" . $row2['name'] . "</option>";
}
echo '
</select>
</td>
</tr>
<tr>
<td class="content">Location:</td>
<td class="content"><input name="location" type="text" size="50" value="' . $location . '"></td>
</tr>
<tr>
<td class="content">Website:<br><small>(Leave off the http://)</small></td>
<td class="content"><input name="website" type="text" size="50" value="' . $website . '"></td>
</tr>
<tr>
<td class="content">Occupation:<br></td>
<td class="content"><input name="job" type="text" size="50" value="' . $job . '"></td>
</tr>
<tr>
<td class="content">Sex:</td>
<td class="content"><select type="dropdown" name="sex" >
<option value="u">Undisclosed</option>
<option value="m" ' . $msel . '>Male</option>
<option value="f" ' . $fsel . '>Female</option>
</select></td>
</tr>
<tr>
<td class="content">AIM:</td>
<td class="content"><input name="aim" type="text" size="50" value="' . $aim . '"></td>
</tr>
<tr>
<td class="content">ICQ:</td>
<td class="content"><input name="icq" type="text" size="50" value="' . $icq . '"></td>
</tr>
<tr>
<td class="content">MSN:</td>
<td class="content"><input name="msn" type="text" size="50" value="' . $msn . '"></td>
</tr>
<tr>
<td class="content">Yahoo:</td>
<td class="content"><input name="yim" type="text" size="50" value="' . $yim . '"></td>
</tr>
<tr>
<td class="content">Interests:<br><small>100 characters<br>HTML/scripts not allowed!</small></td>
<td class="content"><textarea name="interests" rows="2" cols="50" >' . $interests . '</textarea></td>
</tr>
<tr>
<td class="content">About Me:<br><small>250 characters<br>HTML/scripts not allowed!</small></td>
<td class="content"><textarea name="bio" rows="4" cols="50" >' . $bio . '</textarea></td>
</tr>
<tr>
<td class="content">My Cool Sites:<br><small>For your MySpace profile, FaceBook, Twitter, Etc. <br>(Leave off the http://)</small></td>
<td class="content">
<input name="link1" type="text" size="50" value="' . $link1 . '"><br>
<input name="link2" type="text" size="50" value="' . $link2 . '"><br>
<input name="link3" type="text" size="50" value="' . $link3 . '"><br>
<input name="link4" type="text" size="50" value="' . $link4 . '"><br>
<input name="link5" type="text" size="50" value="' . $link5 . '"><br>
<input name="link6" type="text" size="50" value="' . $link6 . '"><br>
<input name="link7" type="text" size="50" value="' . $link7 . '"><br>
<input name="link8" type="text" size="50" value="' . $link8 . '">
</td>
</tr>
<tr>
<td class="content" colspan="4">
<input type="submit" name="submit" value="Submit Changes">
</td>
</tr>
</table>';
}
function deletefavorite()
{
global $domain, $db, $usrdata, $template;
$in1 = $db->query(sprintf('SELECT * FROM fas_games WHERE ID=\'%u\'', $_GET['deleteID']));
$in = $db->fetch_row($in1);
$gamename = preg_replace('#\\W#', '', $in['name']);
echo '<div class=\'msg\'>Are you sure you want to remove the game ' . $gamename . ' from your favorites?<br>
<a href=\'' . $domain . '/index.php?action=myaccount&cmd=favorites&deletename=' . $gamename . '&deleteID=' . $_GET['deleteID'] . '\'>Yes</a> <a href=\'' . $domain . '/index.php?action=myaccount&cmd=favorites\'>No</a></div>';
}
function favorites()
{
global $domain, $db, $usrdata, $thumbsfolder, $gamesfolder, $seo_on, $template;
if (isset($_GET['deleteID']) && !empty($_GET['deleteID'])) {
mysql_query('DELETE FROM fas_user_favorites WHERE userid=\'' . $usrdata['userid'] . '\' AND gameid=\'' . $_GET['deleteID'] . '\'');
echo '<div class=\'msg\'>Deleted ' . $_GET['deletename'] . ' from your favorites.</div>';
}
$ro = $db->query(sprintf('SELECT * FROM fas_user_favorites WHERE userid=\'' . $usrdata['userid'] . '\''));
echo '<table align=\'center\' width="100%">
<tr>
<td colspan=\'4\' class=\'header\'>My Favorites</td>
</tr>';
while ($r = $db->fetch_row($ro)) {
$in1 = $db->query(sprintf('SELECT * FROM fas_games WHERE ID=\'%u\'', $r['gameid']));
$in = $db->fetch_row($in1);
$gamename = preg_replace('#\\W#', '', $in['name']);
if ($seo_on == 1) {
$playlink = '' . $domain . '/play/' . $in['ID'] . '-' . $gamename . '.html';
} else {
$playlink = '' . $domain . '/index.php?action=play&ID=' . $in['ID'] . '';
}
echo '
<tr>
<td valign=\'top\' colspan=\'2\' class=\'header\'><a href=\'' . $playlink . '\'><b>' . $in['name'] . '</b></a></td>
</tr>
<tr>
<td width=\'55\' height=\'55\' valign=\'top\' class=\'content\'>
<a href=\'' . $playlink . '\'>
';
if ($in['type'] == 1) {
echo ' <img src=\'' . $domain . '/' . $thumbsfolder . '/' . $in['thumb'] . '\' width=\'55\' height=\'55\' border=\'0\' alt=\'' . $gamename . '\'>';
} else {
echo ' <img src=\'' . $in['thumburl'] . '\' width=\'55\' height=\'55\' border=\'0\' alt=\'' . $gamename . '\'>';
}
echo ' </a>
</td>
<td valign=\'top\' class=\'content\'>' . browsedesclimit($in['description']) . '';
mysql_query('DELETE FROM fas_user_favorites WHERE ID=' . $in['ID'] . '');
echo '<div style="float: right; padding-right: 20px;"><a href=\'' . $domain . '/index.php?action=myaccount&cmd=deletefavorite&deleteID=' . $in['ID'] . '\'><img src=\'' . $domain . '/templates/' . $template . '/images/delete.png\' border=\'0\' alt="delete" /></a></div>
</td>
</tr>';
}
echo '</table>';
echo ' ';
}
function changeemail()
{
global $domain, $db, $usrdata, $seo_on, $supportemail, $sitename, $template;
$userid = $usrdata['userid'];
$ir = $db->query(sprintf('SELECT * FROM fas_users WHERE userid=\'%u\'', $userid));
$r2 = $db->fetch_row($ir);
$current_email = $r2['email'];
if (isset($_POST['submit'])) {
$email = clean($_POST['email']);
if (!$email) {
echo '<div class=\'error\'>All feilds are required!</div>';
return;
}
if ($email == $current_email) {
echo '<div class=\'error\'>This is your current email. Change your email to something different</div>';
return;
}
$ru = $db->query('SELECT email FROM fas_users WHERE email=\'' . $email . '\'');
if ($db->num_rows($ru) == 1) {
echo '<div class=\'error\'>Email is already in use.</div>';
return;
}
$user_name = $usrdata[username];
$activation_number = rand();
$subject = 'Email change';
$message = 'Dear ' . $user_name . ',<br>We have recived a request to change your email on <a href="' . $domain . '">' . $sitename . '</a>. Please click <a href="' . $domain . '/index.php?action=activateemail&newemail=' . $email . '&oldemail=' . $current_email . '&id=' . $activation_number . '">here</a> to activate your new email.<br>Thanks,<br>' . $sitename . ' administration';
$headers = 'From: ' . $supportemail . '' . "\r\n" . 'Content-Type: text/html; charset=\\"iso-8859-1\\"' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
mail($email, $subject, $message, $headers);
mysql_query("UPDATE fas_users SET `new_email`='{$email}', `new_email_key`='{$activation_number}' WHERE userid='{$usrdata['userid']}'");
echo '<div class=\'msg\'>An email has been sent for you to comfirm its correct.</div>';
}
if ($seo_on == 1) {
$surl = '' . $domain . '/myaccount/changeemail/';
} else {
$surl = '' . $domain . '/index.php?action=myaccount&cmd=changeemail';
}
echo '<form action=\'' . $surl . '\' method=\'POST\'>
<table width="100%">
<tr>
<td class=\'header\' colspan=\'2\'>Change email</td>
</tr>
<tr>
<td class=\'content\'>Email:</td>
<td class=\'content\'><input type=\'text\' name=\'email\' size=\'35\' value=\'' . $current_email . '\'></td>
</tr>
<tr>
<th colspan=\'2\' class=\'content\'><input type=\'submit\' name=\'submit\' value=\'Submit\'></th>
</tr>
</table>
</form>';
}
function changequestion()
{
global $domain, $db, $usrdata, $seo_on, $template;
if (isset($_POST['submit'])) {
$pass = clean($_POST['pass']);
$salt = $usrdata['salt'];
$pass = checkpass($pass, $salt);
$answer = clean($_POST['answer']);
$answer = checkPass($answer, $salt);
$question = clean($_POST['question']);
if (!$question || !$answer || !$pass) {
echo '<div class=\'error\'>All feilds were not filled out!</div>';
return;
}
if ($pass != $usrdata['password']) {
echo '<div class=\'error\'>Current Password is incorrect.</div>';
} else {
mysql_query("UPDATE fas_users SET `pass_question`='{$question}', `pass_answer`='{$answer}' WHERE userid='{$usrdata['userid']}'");
echo '<div class=\'msg\'>Question & answer updated.</div>';
}
}
if ($seo_on == 1) {
$surl = '' . $domain . '/myaccount/changequestion/';
} else {
$surl = '' . $domain . '/index.php?action=myaccount&cmd=changequestion';
}
$userid = $usrdata['userid'];
$ir = $db->query(sprintf('SELECT * FROM fas_users WHERE userid=\'%u\'', $userid));
$r2 = $db->fetch_row($ir);
$questionf = $r2['pass_question'];
echo '<form action=\'' . $surl . '\' method=\'POST\'>
<table width="100%">
<tr>
<td class=\'header\' colspan=\'2\'>Change password question/answer</td>
</tr>
<tr>
<td class=\'content\'>Question:</td>
<td class=\'content\'><input type=\'text\' name=\'question\' size=\'35\' value=\'' . $questionf . '\'></td>
</tr>
<tr>
<td class=\'content\'>Answer:</td>
<td class=\'content\'><input type=\'text\' name=\'answer\' size=\'35\' value=\'\'></td>
</tr>
<tr>
<td class=\'content\'>Current Password:</td>
<td class=\'content\'><input type=\'password\' name=\'pass\' size=\'35\'></td>
</tr>
<tr>
<th colspan=\'2\' class=\'content\'><input type=\'submit\' name=\'submit\' value=\'Submit\'></th>
</tr>
</table>
</form>';
}
function changepassword()
{
global $domain, $db, $usrdata, $seo_on, $template;
if (isset($_POST['submit'])) {
$salt = $usrdata['salt'];
$oldpass = clean($_POST['oldpass']);
$newpass = clean($_POST['newpass']);
$oldpass = checkpass($oldpass, $salt);
$newpass = setpass($newpass, $salt);
if (!$oldpass || !$newpass) {
echo '<div class=\'error\'>All feilds were not filled out!</div>';
return;
}
if ($oldpass != $usrdata['password']) {
echo '<div class=\'error\'>Old Password is incorrect.</div>';
} else {
$db->query(sprintf('UPDATE fas_users SET password=\'%s\' WHERE userid=\'%u\'', $newpass, $usrdata['userid']));
echo '<div class=\'msg\'>Password Updated</div>';
}
}
if ($seo_on == 1) {
$surl = '' . $domain . '/myaccount/changepassword/';
} else {
$surl = '' . $domain . '/index.php?action=myaccount&cmd=changepassword';
}
echo '<form action=\'' . $surl . '\' method=\'POST\'>
<table width="100%">
<tr>
<td class=\'header\' colspan=\'2\'>Change Password</td>
</tr>
<tr>
<td class=\'content\'>Old Password:</td>
<td class=\'content\'><input type=\'password\' name=\'oldpass\' size=\'35\'></td>
</tr>
<tr>
<td class=\'content\'>New Password:</td>
<td class=\'content\'><input type=\'password\' name=\'newpass\' size=\'35\'></td>
</tr>
<tr>
<th colspan=\'2\' class=\'content\'><input type=\'submit\' name=\'submit\' value=\'Submit\'></th>
</tr>
</table>
</form>';
}
if (!isset($_GET['cmd'])) {
$_GET['cmd'] = NULL;
}
switch ($_GET['cmd']) {
default:
account();
break;
case 'favorites':
favorites();
break;
case 'deletefavorite':
deletefavorite();
break;
case 'changepassword':
changepassword();
break;
case 'changequestion':
changequestion();
break;
case 'changeemail':
changeemail();
break;
case 'changeavatar':
changeavatar();
break;
}
}
echo "<option value='" . $bill['bill_id'] . "'>" . $bill['bill_name'] . '</option>';
}
}
echo "</select>\n </div>\n <button type='submit' class='btn btn-default' name='Submit' value='Add'>Add</button>\n </form>\n </div>";
} elseif ($vars['user_id'] && $vars['edit']) {
if ($_SESSION['userlevel'] == 11) {
demo_account();
} else {
if (!empty($vars['new_level'])) {
if ($vars['can_modify_passwd'] == 'on') {
$vars['can_modify_passwd'] = '1';
}
update_user($vars['user_id'], $vars['new_realname'], $vars['new_level'], $vars['can_modify_passwd'], $vars['new_email']);
print_message('User has been updated');
if (!empty($vars['new_pass1']) && $vars['new_pass1'] == $vars['new_pass2'] && passwordscanchange($vars['cur_username'])) {
if (changepassword($vars['cur_username'], $vars['new_pass1']) == 1) {
print_message("User password has been updated");
} else {
print_error("Password couldn't be updated");
}
} elseif (!empty($vars['new_pass1']) && $vars['new_pass1'] != $vars['new_pass2']) {
print_error("The supplied passwords didn't match so weren't updated");
}
}
if (can_update_users() == '1') {
$users_details = get_user($vars['user_id']);
if (!empty($users_details)) {
if (empty($vars['new_realname'])) {
$vars['new_realname'] = $users_details['realname'];
}
if (empty($vars['new_level'])) {
session_unset();
header('Location: index.php?action=home');
case "addUsers":
$page['title'] = "Faculty - Add New Users";
require_once 'header.php';
require_once 'staff/addUsers.php';
require_once 'footer.php';
break;
case 'myaccount':
$page['title'] = "My Account";
require_once 'header.php';
require_once 'myaccount.php';
require_once 'footer.php';
break;
case 'changepassword':
changepassword($_SESSION['userID'], $_POST['NewPassword']);
break;
case "createUser":
addUser();
break;
case "addCourse":
addNewCourse();
break;
case "addSemester":
addNewSemester();
break;
case "addAssignment":
addNewAssignment();
break;
case "updateRemoveEnrollment":
updateRemoveEnrollment();
echo mb_convert_encoding(long_help($argv, $lang), $termtopage, 'UTF-8');
exit;
}
$bError = $argc !== 3 && $argc !== 4;
if (!$bError) {
$out = false;
require_once dirname(__FILE__) . '/../synapp/connect.php';
switch ($argv[1]) {
case 'adduser':
$out = $argc === 4 ? adduser($argv[2], $argv[3], prompt($termfrompage, $termtopage), $lang, connect()) : false;
break;
case 'deluser':
$out = $argc === 3 ? deluser($argv[2], $lang, connect()) : false;
break;
case 'changepassword':
$out = $argc === 3 ? changepassword($argv[2], prompt($termfrompage, $termtopage), connect()) : false;
break;
default:
$bError = true;
}
$bError = $out !== true;
}
if ($bError !== false) {
if (isset($out) && is_string($out)) {
echo mb_convert_encoding($out, $termtopage, 'UTF-8') . PHP_EOL . PHP_EOL;
}
echo mb_convert_encoding(short_help($argv, $lang), $termtopage, 'UTF-8');
exit;
}
/**
* @param array $argv
break;
case "SendInvites":
$to = strtolower(trim($_POST['to']));
SendInvites($to);
break;
case "homelist":
$userid = mysql_real_escape_string($_POST['userid']);
homelist($userid, $viddler_session_id);
break;
case "changepassword":
$userid = mysql_real_escape_string($_POST['userid']);
$oldpassword = mysql_real_escape_string(md5($_POST['oldpassword']));
$newpassword = mysql_real_escape_string($_POST['newpassword']);
$confirmpassword = mysql_real_escape_string($_POST['confirmpassword']);
$email = mysql_real_escape_string($_POST['email']);
changepassword($userid, $oldpassword, $newpassword, $confirmpassword, $email);
break;
case "user_details":
$userid = $authuserid;
user_details($userid);
break;
case "searchusers":
//$tile_name = strtolower(trim($_POST['tile_name']));
$username = strtolower(trim($_POST['username']));
//searchusers($username, $tile_name);
searchdata($username);
break;
case "search":
$search = $_POST['search'];
searchdata($search);
break;
<?php
require "./todolist.php";
$act = $_GET["act"];
if ($act == "check_password") {
$old_password = $_POST["old_password"];
$json_message = check_password($old_password);
echo $json_message;
} else {
if ($act = "changepassword") {
$new_password = $_POST['new_password'];
$json_message = changepassword($new_password);
$message = json_decode($json_message);
if ($message->changepassword == "change success") {
logout();
}
//echo "nvwiopnb";
echo $json_message;
}
}
</ul>
</div>
</div>
</div>
</form>
<?php
if ($vars['user_id']) {
if ($vars['action'] == "deleteuser") {
include "pages/edituser/deleteuser.inc.php";
} else {
// Perform actions if requested
if (passwordscanchange($user_data['username']) && $vars['action'] == "changepass") {
if ($_POST['new_pass'] == $_POST['new_pass2']) {
changepassword($user_data['username'], $_POST['new_pass']);
print_message("Password Changed.");
} else {
print_error("Passwords don't match!");
}
}
if ($vars['action'] == "becomeuser") {
$_SESSION['origusername'] = $_SESSION['username'];
$_SESSION['username'] = $user_data['username'];
header("Location: /");
dbInsert(array('user' => $_SESSION['origusername'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Became ' . $_SESSION['username']), 'authlog');
include "includes/authenticate.inc.php";
}
if ($vars['action'] == "deldevperm") {
if (dbFetchCell("SELECT COUNT(*) FROM devices_perms WHERE `device_id` = ? AND `user_id` = ?", array($vars['device_id'], $vars['user_id']))) {
dbDelete('devices_perms', "`device_id` = ? AND `user_id` = ?", array($vars['device_id'], $vars['user_id']));
