function process()
{
    global $lang, $DB, $Account;
    if ($_POST['retr_login'] && $_POST['retr_email'] && $_POST['secretq1'] && $_POST['secretq2'] && $_POST['secreta1'] && $_POST['secreta2']) {
        //set return as true - we will make false if something is wrong
        $return = TRUE;
        /*Check 1*/
        $username = strip_if_magic_quotes($_POST['retr_login']);
        if (check_for_symbols($username, 1) == TRUE) {
            $return = FALSE;
        } else {
            if ($DB->selectRow("SELECT * FROM `account` WHERE username='******'") == false) {
                $username == FALSE;
                $return = FALSE;
            } else {
                $d = $DB->selectRow("SELECT * FROM `account` WHERE username='******'");
                $username =& $d['id'];
                $username_name =& $d['username'];
                $email =& $d['email'];
                $posted_email =& $_POST['retr_email'];
                /*Check 2*/
                if ($email != $posted_email) {
                    $return = FALSE;
                }
            }
        }
        $secreta1 =& $_POST['secreta1'];
        $secreta2 =& $_POST['secreta2'];
        /*Check 3*/
        if (check_for_symbols($_POST['secreta1']) || check_for_symbols($_POST['secreta2'])) {
            $return = FALSE;
        }
        if ($return == FALSE) {
            output_message('error', $lang['restore_pass_fail'] . '<meta http-equiv=refresh content="3;url=index.php?p=account&sub=restore">');
        } elseif ($return == TRUE) {
            $rp_sq1 = strip_if_magic_quotes($_POST['secretq1']);
            $rp_sq2 = strip_if_magic_quotes($_POST['secretq2']);
            $rp_sa1 = strip_if_magic_quotes($_POST['secreta1']);
            $rp_sa2 = strip_if_magic_quotes($_POST['secreta2']);
            $we = $DB->selectRow("SELECT account_id FROM `mw_account_extend` WHERE account_id='" . $username . "' AND secret_q1='" . $rp_sq1 . "' AND secret_q2='" . $rp_sq2 . "' AND secret_a1='" . $rp_sa1 . "' AND secret_a2='" . $rp_sa2 . "'");
            if ($we !== FALSE) {
                $pas = random_string(7);
                $c_pas = $Account->sha_password($username_name, $pas);
                $DB->query("UPDATE `account` SET sha_pass_hash='" . $c_pas . "' WHERE id='" . $username . "'");
                $DB->query("UPDATE `account` SET sessionkey=NULL WHERE id='" . $username . "'");
                output_message('success', $lang['restore_pass_success'] . '<br /> New password: '******'error', $lang['restore_pass_fail'] . '<meta http-equiv=refresh content="3;url=index.php?n=account&sub=restore">');
            }
        }
    } else {
        output_message('error', $lang['restore_pass_fail'] . '<meta http-equiv=refresh content="3;url=index.php?p=account&sub=restore">');
        echo "<br />";
    }
}
Example #2
0
                 }
             }
         }
     } elseif ($_POST['deleteavatar'] == 1 && preg_match("/\\d+\\.\\w+/i", $_POST['avatarfile'])) {
         if (@unlink((string) $MW->getConfig->generic->avatar_path . $_POST['avatarfile'])) {
             $DB->query("UPDATE account_extend SET avatar=NULL WHERE account_id=?d LIMIT 1", $user['id']);
         }
     }
     if (isset($_POST['profile']['g_id'])) {
         unset($_POST['profile']['g_id']);
     }
     $_POST['profile']['signature'] = htmlspecialchars($_POST['profile']['signature']);
     $DB->query("UPDATE account_extend SET ?a WHERE account_id=?d LIMIT 1", RemoveXSS($_POST['profile']), $user['id']);
     redirect('index.php?n=account&sub=manage', 1);
 } elseif ($_GET['action'] == 'changesecretq') {
     if (check_for_symbols($_POST['secreta1']) == FALSE && check_for_symbols($_POST['secreta2']) == FALSE && $_POST[secretq1] != '0' && $_POST[secretq2] != '0' && isset($_POST[secreta1]) && isset($_POST[secreta2]) && strlen($_POST[secreta1]) > 4 && strlen($_POST[secreta2]) > 4 && $_POST['secreta1'] != $_POST['secreta2'] && $_POST['secretq1'] != $_POST['secretq2']) {
         $DB->query("UPDATE account_extend SET secretq1=?,secretq2=?,secreta1=?,secreta2=? WHERE account_id=?d", strip_if_magic_quotes($_POST['secretq1']), strip_if_magic_quotes($_POST['secretq2']), strip_if_magic_quotes($_POST['secreta1']), strip_if_magic_quotes($_POST['secreta2']), $user['id']);
         output_message('notice', '<b>' . $lang['changed_secretq'] . '</b><meta http-equiv=refresh content="4;url=index.php?n=account&sub=manage">');
     } else {
         output_message('alert', '<b>' . $lang['fail_change_secretq'] . '</b><meta http-equiv=refresh content="3;url=index.php?n=account&sub=manage">');
     }
 } elseif ($_GET['action'] == 'resetsecretq') {
     if ($_POST['reset_secretq']) {
         $DB->query("UPDATE account_extend SET secretq1='0',secretq2='0',secreta1='0',secreta2='0' WHERE account_id=?d", $user['id']);
         output_message('notice', '<b>' . $lang['reset_succ_secretq'] . '</b><meta http-equiv=refresh content="4;url=index.php?n=account&sub=manage">');
     }
 } elseif ($_GET['action'] == 'change_gameplay') {
     if ($_POST['switch_wow_type'] == 'wotlk') {
         $DB->query("UPDATE `account` SET expansion='2' WHERE `id`=?d", $user['id']);
         output_message('notice', '<b>' . $lang['exp_set'] . '</b><meta http-equiv=refresh content="4;url=index.php?n=account&sub=manage">');
     } elseif ($_POST['switch_wow_type'] == 'tbc') {
Example #3
0
     } else {
         $d = $DB->selectRow("SELECT * FROM `account` WHERE username=?", $username);
         $username =& $d['id'];
         $username_name =& $d['username'];
         $email =& $d['email'];
         $posted_email =& $_POST['retr_email'];
         /*Check 2*/
         if ($email != $posted_email) {
             $return = FALSE;
         }
     }
 }
 $secreta1 =& $_POST['secreta1'];
 $secreta2 =& $_POST['secreta2'];
 /*Check 3*/
 if (check_for_symbols($_POST['secreta1']) || check_for_symbols($_POST['secreta2'])) {
     $return = FALSE;
 }
 if ($return == FALSE) {
     output_message('alert', '<b>' . $lang['fail_restore_pass'] . '</b><meta http-equiv=refresh content="3;url=index.php?n=account&sub=restore">');
 } elseif ($return == TRUE) {
     $we = $DB->selectRow("SELECT account_id FROM `account_extend` WHERE account_id=? AND secretq1=? AND secretq2=? AND secreta1=? AND secreta2=?", $username, strip_if_magic_quotes($_POST['secretq1']), strip_if_magic_quotes($_POST['secretq2']), strip_if_magic_quotes($_POST['secreta1']), strip_if_magic_quotes($_POST['secreta2']));
     if ($we == false) {
         $we = $DB->selectRow("SELECT account_id FROM `account_extend` WHERE account_id=? AND secretq1=? AND secretq2=? AND secreta1=? AND secreta2=?", $username, strip_if_magic_quotes($_POST['secretq2']), strip_if_magic_quotes($_POST['secretq1']), strip_if_magic_quotes($_POST['secreta2']), strip_if_magic_quotes($_POST['secreta1']));
     }
     if ($we == true) {
         $pas = random_string(7);
         $c_pas = sha_password($username_name, $pas);
         $DB->query("UPDATE `account` SET sha_pass_hash=? WHERE id=?d", $c_pas, $username);
         $DB->query("UPDATE `account` SET sessionkey=NULL WHERE id=?d", $username);
         output_message('notice', '<b>' . $lang['restore_pass_ok'] . '<br /> New password: '******'</b>');
 //Another check if user is logged on.
 if ($loggedin == '0') {
     $loggedin = $CHDB->selectCell("SELECT online FROM `characters` WHERE account=?d", $account_id);
 }
 //Checks if user has MAX players.
 $numchars = $DB->selectCell("SELECT numchars FROM realmcharacters WHERE acctid=?d AND realmid=?d", $account_id, $rid);
 /******** FORM CHECKS ********/
 if ($class == false) {
 } elseif ($faction == false) {
 } elseif ($classexists == true) {
     output_message('alert', '<b>' . $lang['charcreate_nameinuse'] . '<br/>' . $lang['redirecting_wait'] . '</b><meta http-equiv=refresh content="3;url=index.php?n=account&sub=charcreate">');
 } elseif ($name == false) {
     output_message('alert', '<b>' . $lang['charcreate_invalidname'] . '<br/>' . $lang['redirecting_wait'] . '</b><meta http-equiv=refresh content="3;url=index.php?n=account&sub=charcreate">');
 } elseif ($loggedin == 1) {
     output_message('alert', '<b>' . $lang['charcreate_loggedin'] . '<br/>' . $lang['redirecting_wait'] . '</b><meta http-equiv=refresh content="3;url=index.php?n=account&sub=charcreate">');
 } elseif (check_for_symbols($checknamestring, 1) == TRUE) {
     output_message('alert', '<b>' . $lang['charcreate_nameissymbols'] . '<br/>' . $lang['redirecting_wait'] . '</b><meta http-equiv=refresh content="3;url=index.php?n=account&sub=charcreate">');
 } elseif ($numchars == 9) {
     output_message('alert', '<b>' . $lang['charcreate_tomanychars'] . '<br/>' . $lang['redirecting_wait'] . '</b><meta http-equiv=refresh content="3;url=index.php?n=account&sub=charcreate">');
 } else {
     //Here is the main section for character creation. You define your values.
     // You create a character in-game, look up the ID in character table.
     /*******************  MAIN COPY ******************/
     // Tables wich is going to be copied.
     #character
     #character_action
     #character_homebind
     #character_inventory
     #character_reputation
     #character_skills
     #character_spell
 function setSecretQuestions($id, $sq1, $sa1, $sq2, $sa2)
 {
     $sq1 = strip_if_magic_quotes($sq1);
     $sa1 = strip_if_magic_quotes($sa1);
     $sq2 = strip_if_magic_quotes($sq2);
     $sa2 = strip_if_magic_quotes($sa2);
     // Check for symbols
     if (check_for_symbols($sa1) == FALSE && check_for_symbols($sa2) == FALSE && $sq1 != '0' && $sq2 != '0') {
         if (strlen($sa1) >= 4 && strlen($sa2) >= 4) {
             if ($sa1 != $sa2 && $sq1 != $sq2) {
                 $this->DB->query("UPDATE `mw_account_extend` SET `secret_q1`='{$sq1}', `secret_q2`='{$sq2}', `secret_a1`='{$sa1}', `secret_a2`='{$sa2}' WHERE `account_id`='{$id}'");
                 return 1;
                 // 1 = Set
             } else {
                 return 2;
                 // 2 = Answers or questions where the same
             }
         } else {
             return 3;
             // Answers where less then 4 characters long
         }
     } else {
         return 4;
         // Answers contained symbols
     }
 }
function Register()
{
    global $DB, $Config, $allow_reg, $err_array, $Account, $lang;
    // Check to see if we still are allowed to register
    if ($allow_reg == TRUE) {
        // Inizialize variable, we use this after. Use this to add extensions.
        $notreturn = FALSE;
        // Extensions
        // Each extention you see down-under will check for specific user input,
        // In this step we set "requirements" for what user may input.
        // Ext 1 - Image verification
        // We need to see if its enabled, and if the user put in the right code
        if ($Config->get('reg_act_imgvar') == 1) {
            $image_key =& $_POST['image_key'];
            $filename = mysql_real_escape_string($_POST['filename_image']);
            $correctkey = $DB->selectCell("SELECT `key` FROM `mw_acc_creation_captcha` WHERE `filename` ='" . $filename . "'");
            // Check for key match
            if (strtolower($correctkey) != strtolower($image_key) || $image_key == '') {
                $notreturn = TRUE;
                $err_array[] = $lang['image_var_incorrect'];
            } else {
                // Delete the key from the DB, and delete the image from the cache folder
                $DB->query("DELETE FROM `mw_acc_creation_captcha` WHERE filename='" . $filename . "'");
                @unlink($filename);
            }
        }
        // Ext 2 - secret questions
        // Check if user questions are required, if so we need to check for symbols, and character lenght
        if ($Config->get('reg_secret_questions') == 1) {
            if ($_POST['secretq1'] && $_POST['secretq2'] && $_POST['secreta1'] && $_POST['secreta2']) {
                if (check_for_symbols($_POST['secreta1']) || check_for_symbols($_POST['secreta2'])) {
                    $notreturn = TRUE;
                    $err_array[] = $lang['secretq_error_symbols'];
                }
                if ($_POST['secretq1'] == $_POST['secretq2']) {
                    $notreturn = TRUE;
                    $err_array[] = $lang['secretq_error_same'];
                }
                if ($_POST['secreta1'] == $_POST['secreta2']) {
                    $notreturn = TRUE;
                    $err_array[] = $lang['secretq_error_same'];
                }
                if (strlen($_POST['secreta1']) < 4 || strlen($_POST['secreta2']) < 4) {
                    $notreturn = TRUE;
                    $err_array[] = $lang['secretq_error_short'];
                }
            } else {
                $notreturn = TRUE;
                $err_array[] = $lang['secretq_error_empty'];
            }
        }
        // Ext 3 - make sure the username isnt already in use
        if ($Account->isAvailableUsername($_POST['r_login']) == FALSE) {
            $notreturn = TRUE;
            $err_array[] = $lang['username_taken'];
        }
        // Ext 4 - make sure password is not username
        if ($_POST['r_login'] == $_POST['r_pass']) {
            $notreturn = TRUE;
            $err_array[] = $lang['user_pass_same'];
        }
        // Main add into the database
        if ($notreturn == FALSE) {
            // @$Enter is the main input arrays into the SDL
            $Enter = $Account->register(array('username' => $_POST['r_login'], 'sha_pass_hash' => $Account->sha_password($_POST['r_login'], $_POST['r_pass']), 'sha_pass_hash2' => $Account->sha_password($_POST['r_login'], $_POST['r_cpass']), 'email' => $_POST['r_email'], 'expansion' => $_POST['r_account_type'], 'password' => $_POST['r_pass']), array('secretq1' => strip_if_magic_quotes($_POST['secretq1']), 'secreta1' => strip_if_magic_quotes($_POST['secreta1']), 'secretq2' => strip_if_magic_quotes($_POST['secretq2']), 'secreta2' => strip_if_magic_quotes($_POST['secreta2'])));
            // lets catch the return on the register function
            if ($Enter == 1) {
                if ($Config->get('reg_invite') == 1) {
                    $Account->delete_key($_POST['r_key']);
                }
                $reg_succ = TRUE;
            } elseif ($Enter == 0) {
                $reg_succ = FALSE;
                $err_array[] = $lang['some_params_empty'];
            } elseif ($Enter == 2) {
                $reg_succ = FALSE;
                $err_array[] = $lang['empty_param_username'];
            } elseif ($Enter == 3) {
                $reg_succ = FALSE;
                $err_array[] = $lang['passwords_dont_match'];
            } elseif ($Enter == 4) {
                $reg_succ = FALSE;
                $err_array[] = $lang['empty_param_email'];
            } elseif ($Enter == 5) {
                $reg_succ = FALSE;
                $err_array[] = $lang['your_ip_is_banned'];
            } else {
                $reg_succ = FALSE;
                $err_array[] = "Account Creation [FATAL ERROR]: User cannot be created, likely due to incorrect database configuration.  Contact the administrator.";
            }
        } else {
            $reg_succ = FALSE;
        }
        // If there were any errors, then they are outputed here
        if ($reg_succ == FALSE) {
            if (!$err_array[0]) {
                $err_array[0] = "Unknown Reason";
            }
            $output_error = $lang['register_failed'];
            $output_error .= "<ul><li>";
            $output_error .= implode("</li><li>", $err_array);
            $output_error .= "</li></ul>";
            output_message('error', $output_error . 'Redirecting...<meta http-equiv=refresh content="8;url=?p=account&sub=register">');
        } else {
            if ((int) $Config->get('require_act_activation') == 1) {
                output_message('success', $lang['activation_email_sent']);
            } else {
                output_message('success', $lang['register_success'] . '<meta http-equiv=refresh content="5;url=?p=account&sub=login">');
            }
        }
    } else {
        return FALSE;
    }
}