Example #1
0
function verify_webuser($username, $pass)
{
    $hash = encode_password($pass);
    $data = array("username" => $username, "password" => $hash);
    // send to backend
    $response = rest_post(API_BASE_URL . "verifyWebUser.token=" . DEVICE_CODE, json_encode($data));
    /*if (!response_status($response))
    		echo "failed";
    	else
    		echo "success";*/
    return response_status($response);
}
Example #2
0
    function user_auth($user_name, $user_password)
    {
        global $_CLASS;
        $sql = 'SELECT user_id, username, user_password, user_password_encoding, user_status 
					FROM ' . USERS_TABLE . " WHERE username = '******'core_db']->escape($user_name) . "'";
        $result = $_CLASS['core_db']->query($sql);
        $status = false;
        if ($row = $_CLASS['core_db']->fetch_row_assoc($result)) {
            if (encode_password($user_password, $row['user_password_encoding']) == $row['user_password']) {
                if ($row['user_status'] != STATUS_ACTIVE) {
                    $status = $row['user_status'] == STATUS_DISABLED ? 'ACTIVE_ERROR' : 'UNACTIVATED_ERROR';
                }
                return (int) $row['user_id'];
            }
        }
        $_CLASS['core_db']->free_result($result);
        return $status;
    }
Example #3
0
    $loginKey = random_code(30);
    setcookie('kimai_key', $loginKey);
    setcookie('kimai_user', $userData['name']);
    $database->user_loginSetKey($userId, $loginKey);
    header('Location: core/kimai.php');
}
// =================================================================
// = processing login and displaying either login screen or errors =
// =================================================================
switch ($_REQUEST['a']) {
    case 'checklogin':
        $is_customer = $database->is_customer_name($name);
        Kimai_Logger::logfile('login: '******' as customer' : ' as user'));
        if ($is_customer) {
            // perform login of customer
            $passCrypt = encode_password($password);
            $customerId = $database->customer_nameToID($name);
            $data = $database->customer_get_data($customerId);
            // TODO: add BAN support
            if ($data['password'] == $passCrypt && $name != '' && $passCrypt != '') {
                $loginKey = random_code(30);
                setcookie('kimai_key', $loginKey);
                setcookie('kimai_user', 'customer_' . $name);
                $database->customer_loginSetKey($customerId, $loginKey);
                header('Location: core/kimai.php');
            } else {
                setcookie('kimai_key', '0');
                setcookie('kimai_user', '0');
                $view->assign('headline', $kga['lang']['accessDenied']);
                $view->assign('message', $kga['lang']['wrongPass']);
                $view->assign('refresh', '<meta http-equiv="refresh" content="5;URL=index.php">');
    if (empty($error)) {
        require_once SITE_FILE_ROOT . 'includes/tables.php';
        require_once SITE_FILE_ROOT . 'includes/cache/cache.php';
        require_once SITE_FILE_ROOT . 'includes/cache/cache_' . $acm_type . '.php';
        load_class(false, 'core_cache', 'cache_' . $acm_type);
        set_core_config('global', 'site_name', $site_name, false);
        set_core_config('server', 'site_domain', $site_domain, false);
        set_core_config('server', 'site_path', $site_path, false);
        set_core_config('server', 'site_port', $site_port, false);
        set_core_config('email', 'site_email', $email, false);
        set_core_config('server', 'cookie_domain', $cookie_domain, false);
        set_core_config('server', 'cookie_path', $cookie_path, false);
        set_core_config('server', 'cookie_name', $cookie_name, false);
        set_core_config('server', 'site_secure', 0, false);
        set_core_config('user', 'newest_username', $username, true);
        $user_update = array('username' => $username, 'user_password' => encode_password($password, 'md5'), 'user_password_encoding' => 'md5', 'user_email' => $email);
        $_CLASS['core_db']->query('UPDATE ' . USERS_TABLE . ' SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $user_update) . ' WHERE user_id = 2');
        $_CLASS['core_template']->assign_array(array('admin_link' => generate_link(false, array('full' => true, 'sid' => false, 'admin' => true)), 'username' => $username));
        $_CLASS['core_template']->display('installer/complete.html');
        script_close();
    }
    $_CLASS['core_template']->assign_array(array('site_name' => $site_name, 'site_domain' => $site_domain, 'site_path' => $site_path, 'site_port' => $site_port, 'cookie_domain' => $cookie_domain, 'cookie_path' => $cookie_path, 'cookie_name' => $cookie_name, 'username' => $username, 'password' => $password, 'password_confirm' => $password_confirm, 'email' => $email, 'email_confirm' => $email_confirm, 'error' => empty($error) ? false : implode('<br/>', $error), 'config_content' => $config_content));
    $_CLASS['core_template']->display('installer/stage3.html');
    script_close();
}
if ($stage === 3) {
    if ($db_layer && in_array($db_layer, array_keys($database_array))) {
        load_class(SITE_FILE_ROOT . 'includes/db/' . $db_layer . '.php', 'core_db', 'db_' . $db_layer);
        $site_db = array();
        $site_db['type'] = $db_layer;
        $site_db['persistent'] = false;
Example #5
0
            break;
        case "notyet":
            print_logon_form();
            break;
        default:
            http_response_code(400);
            exit;
    }
} else {
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $uamip = $_POST['uamip'];
        $uamport = $_POST['uamport'];
        $username = $_POST['username'];
        $password = $_POST['password'];
        $challenge = $_POST['challenge'];
        $encoded_password = encode_password($password, $challenge, $uam_secret);
        $redirect_url = "http://{$uamip}:{$uamport}/logon" . "?username="******"&password="******"&redir=" . urlencode("http://myportal.example.com");
        session_start();
        if (isset($_POST["userurl"])) {
            $_SESSION["userurl"] = $_POST["userurl"];
        } else {
            unset($_SESSION["userurl"]);
        }
        session_write_close();
        header("Location: {$redirect_url}", TRUE, 302);
        exit;
    } else {
        http_response_code(400);
        exit;
Example #6
0
function dekripsi($text)
{
    @session_start();
    $session_name = "Kh41r4";
    $a = substr($text, 0, 2);
    $b = substr($text, 2);
    $c = encode_password($a, 1);
    $d = $c . $b;
    $dekripsi = base64_decode($d);
    $result = str_replace(@$_SESSION['kunci_' . $session_name], "", $dekripsi);
    #$result = $text;
    return $result;
}
 function ucp_register($id, $mode)
 {
     global $site_file_root, $config, $_CLASS, $_CORE_CONFIG;
     $coppa = isset($_REQUEST['coppa']) ? (int) $_REQUEST['coppa'] : null;
     $submit = isset($_POST['submit']);
     if ($_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_DISABLE || ($coppa || $_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_SELF || $_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_ADMIN) && !$_CORE_CONFIG['email']['email_enable']) {
         trigger_error('UCP_REGISTER_DISABLE');
     }
     $_CLASS['core_template']->assign('S_UCP_ACTION', generate_link('Control_Panel&amp;mode=register'));
     $error = $data = array();
     $s_hidden_fields = '';
     if (!isset($_POST['agreed'])) {
         if ($_CORE_CONFIG['user']['coppa_enable'] && is_null($coppa)) {
             $now = explode(':', gmdate('m:j:Y'));
             $coppa_birthday = $_CLASS['core_user']->format_date(mktime(12, 0, 0, $now[0], $now[1], $now[2] - 13), 'D M d, Y');
             $_CLASS['core_template']->assign_array(array('L_COPPA_NO' => sprintf($_CLASS['core_user']->lang['UCP_COPPA_BEFORE'], $coppa_birthday), 'L_COPPA_YES' => sprintf($_CLASS['core_user']->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday), 'U_COPPA_NO' => generate_link('Control_Panel&amp;mode=register&amp;coppa=0'), 'U_COPPA_YES' => generate_link('Control_Panel&amp;mode=register&amp;coppa=1'), 'S_SHOW_COPPA' => true, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_REGISTER_ACTION' => generate_link('Control_Panel&amp;mode=register')));
         } else {
             $s_hidden_fields .= '<input type="hidden" name="coppa" value="' . $coppa . '" />';
             $_CLASS['core_template']->assign_array(array('S_SHOW_COPPA' => false, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_REGISTER_ACTION' => generate_link('Control_Panel&amp;mode=register')));
         }
         $this->display($_CLASS['core_user']->lang['REGISTER'], 'ucp_agreement.html');
         script_close();
     }
     if ($submit) {
         require_once $site_file_root . 'includes/functions_user.php';
         $error = array();
         $username = get_variable('username', 'POST', false);
         $password = get_variable('password', 'POST', false);
         $email = get_variable('email', 'POST', false);
         $email_confirm = get_variable('email_confirm', 'POST', '');
         //when we add this make sure to confirm that it's one of the installed langs
         $lang = $_CORE_CONFIG['global']['default_lang'];
         $tz = get_variable('tz', 'POST', false);
         if (strpos($username, "\n")) {
             die;
         }
         $username_validate = validate_username($username);
         if ($username_validate !== true) {
             $error[] = $_CLASS['core_user']->get_lang($username_validate);
         }
         if (!$password || $password !== get_variable('password_confirm', 'POST', '')) {
             $error[] = $_CLASS['core_user']->get_lang('PASSWORD_ERROR');
         }
         if (!$email || $email !== $email_confirm) {
             $error[] = $_CLASS['core_user']->get_lang('EMAIL_ERROR');
         } elseif (!check_email($email)) {
             $error[] = $_CLASS['core_user']->get_lang('EMAIL_INVALID');
         }
         if (!$tz || !in_array($tz, tz_array())) {
             $tz = null;
         }
         if ($_CORE_CONFIG['user']['enable_confirm']) {
             $confirmation_code = $_CLASS['core_user']->session_data_get('confirmation_code');
             $confirm_code = trim(get_variable('confirm_code', 'POST', false));
             if (!$confirm_code || !$confirmation_code || $confirm_code != $confirmation_code) {
                 $error[] = $_CLASS['core_user']->get_lang('CONFIRM_CODE_WRONG');
             }
             // we don't need this any more
             $_CLASS['core_user']->user_data_kill('confirmation_code');
         }
         if (empty($error)) {
             $password = encode_password($password, $_CORE_CONFIG['user']['password_encoding']);
             if (!$password) {
                 //do some admin contact thing here
                 die('Activation disabled: Passwaord encoding problem');
             }
             if ($coppa || $_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_SELF || $_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_ADMIN) {
                 if (!$_CORE_CONFIG['email']['email_enable']) {
                     //do some admin contact thing here
                     die('Activation disabled: Email Disabled');
                 }
                 $user_status = STATUS_PENDING;
                 $user_act_key = generate_string(10);
                 if ($coppa) {
                     $message = $_CLASS['core_user']->lang['ACCOUNT_COPPA'];
                     $email_template = 'coppa_welcome_inactive';
                 } elseif ($_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_SELF) {
                     $message = $_CLASS['core_user']->lang['ACCOUNT_INACTIVE'];
                     $email_template = 'user_welcome_inactive';
                 } elseif ($_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_ADMIN) {
                     $message = $_CLASS['core_user']->lang['ACCOUNT_INACTIVE_ADMIN'];
                     $email_template = 'admin_welcome_inactive';
                 }
             } else {
                 $user_status = STATUS_ACTIVE;
                 $user_act_key = null;
                 $email_template = 'user_welcome';
                 $message = $_CLASS['core_user']->lang['ACCOUNT_ADDED'];
             }
             $data = array('username' => (string) $username, 'user_email' => (string) $email, 'user_group' => $coppa ? 3 : 2, 'user_reg_date' => (int) $_CLASS['core_user']->time, 'user_timezone' => (string) $tz, 'user_password' => (string) $password, 'user_password_encoding' => (string) $_CORE_CONFIG['user']['password_encoding'], 'user_lang' => $lang ? (string) $lang : null, 'user_type' => USER_NORMAL, 'user_status' => (int) $user_status, 'user_act_key' => (string) $user_act_key, 'user_ip' => (string) $_CLASS['core_user']->ip);
             user_add($data);
             if ($data['user_status'] === STATUS_ACTIVE) {
                 set_core_config('user', 'newest_user_id', $data['user_id'], false);
                 set_core_config('user', 'newest_username', $data['username'], false);
                 set_core_config('user', 'total_users', $_CORE_CONFIG['user']['total_users'] + 1, false);
             }
             require_once $site_file_root . 'includes/mailer.php';
             $mailer = new core_mailer();
             $mailer->to($email, $username);
             $mailer->subject($subject);
             $_CLASS['core_template']->assign_array(array('SITENAME' => $_CORE_CONFIG['global']['site_name'], 'WELCOME_MSG' => sprintf($_CLASS['core_user']->lang['WELCOME_SUBJECT'], $_CORE_CONFIG['global']['site_name']), 'USERNAME' => $username, 'PASSWORD' => $password, 'EMAIL_SIG' => '', 'U_ACTIVATE' => generate_link('system&amp;mode=activate&user_id=' . $data['user_id'] . '&key=' . $user_act_key, array('sid' => false, 'full' => true))));
             if ($coppa) {
                 $_CLASS['core_template']->assign_array(array('FAX_INFO' => $_CORE_CONFIG['user']['coppa_fax'], 'MAIL_INFO' => $_CORE_CONFIG['user']['coppa_mail'], 'EMAIL_ADDRESS' => $email, 'SITENAME' => $_CORE_CONFIG['global']['site_name']));
             }
             $mailer->message = trim($_CLASS['core_template']->display('modules/Control_Panel/email/' . $email_template, true));
             $mailer->send();
             $message = $message . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_INDEX'], '<a href="' . generate_link() . '">', '</a>');
             trigger_error($message);
         }
     }
     $s_hidden_fields .= '<input type="hidden" name="coppa" value="' . $coppa . '" />';
     $s_hidden_fields .= '<input type="hidden" name="agreed" value="true" />';
     if ($_CORE_CONFIG['user']['enable_confirm']) {
         $_CLASS['core_user']->session_data_set('confirmation_code', generate_string(6));
         $confirm_image = '<img src="' . generate_link('system&amp;mode=confirmation_image') . '" alt="" title="" />';
     } else {
         $confirm_image = false;
     }
     if ($submit) {
         if ($_CORE_CONFIG['user']['max_reg_attempts']) {
             $attempts = (int) $_CLASS['core_user']->session_data_get('reg_attempts', 0);
             if ($attempts > $_CORE_CONFIG['user']['max_reg_attempts']) {
                 trigger_error($_CLASS['core_user']->lang['TOO_MANY_REGISTERS']);
             }
             $_CLASS['core_user']->session_data_get('reg_attempts', $attempts + 1);
         }
     }
     switch ($_CORE_CONFIG['user']['activation']) {
         case USER_ACTIVATION_SELF:
             $l_reg_cond = $_CLASS['core_user']->lang['UCP_EMAIL_ACTIVATE'];
             break;
         case USER_ACTIVATION_ADMIN:
             $l_reg_cond = $_CLASS['core_user']->lang['UCP_ADMIN_ACTIVATE'];
             break;
         default:
             $l_reg_cond = '';
             break;
     }
     $user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\\w]+' => 'USERNAME_ALPHA_ONLY', '[\\w_\\+\\. \\-\\[\\]]+' => 'USERNAME_ALPHA_SPACERS');
     $_CLASS['core_template']->assign_array(array('ERROR' => empty($error) ? false : implode('<br />', $error), 'USERNAME' => isset($username) ? $username : '', 'PASSWORD' => isset($password) ? $password : '', 'EMAIL' => isset($email) ? $email : '', 'EMAIL_CONFIRM' => isset($email_confirm) ? $email_confirm : '', 'CONFIRM_IMG' => $confirm_image, 'SELECT_TZ' => select_tz(isset($tz) ? $tz : $_CORE_CONFIG['global']['default_timezone']), 'L_CONFIRM_EXPLAIN' => sprintf($_CLASS['core_user']->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'), 'L_ITEMS_REQUIRED' => $l_reg_cond, 'L_USERNAME_EXPLAIN' => sprintf($_CLASS['core_user']->lang[$user_char_ary[$_CORE_CONFIG['user']['allow_name_chars']] . '_EXPLAIN'], $_CORE_CONFIG['user']['min_name_chars'], $_CORE_CONFIG['user']['max_name_chars']), 'L_NEW_PASSWORD_EXPLAIN' => sprintf($_CLASS['core_user']->lang['NEW_PASSWORD_EXPLAIN'], $_CORE_CONFIG['user']['min_pass_chars'], $_CORE_CONFIG['user']['max_pass_chars']), 'S_COPPA' => $coppa, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_UCP_ACTION' => generate_link("Control_Panel&amp;mode=register")));
     $this->display($_CLASS['core_user']->lang['REGISTER'], 'ucp_register.html');
 }
Example #8
0
 /* RECEIVE VALUE */
 $user_name = isset($_REQUEST['user_name']) ? $_REQUEST['user_name'] : '';
 $user_password = isset($_REQUEST['user_password']) ? $_REQUEST['user_password'] : '';
 $api_client = isset($_REQUEST['api_client']) ? $_REQUEST['api_client'] : '';
 $location_url = isset($_REQUEST['location_url']) ? $_REQUEST['location_url'] : '';
 $return = array('errcode' => 'e_1001', 'errmsg' => lang('error', 'e_1001'), 'data' => '');
 if ($user_name && $user_password) {
     //校验用户或者编号是否存在
     $check_user_info = array();
     $check_user_info = DB::fetch_first("SELECT user_id,user_password FROM " . DB::table('users') . " WHERE user_name ='" . $user_name . "' AND isdelete = 0 LIMIT 1");
     if (empty($check_user_info)) {
         $check_user_info = DB::fetch_first("SELECT user_id,user_password FROM " . DB::table('users') . " WHERE user_id ='" . $user_name . "' AND isdelete = 0 LIMIT 1");
     }
     //校验密码
     if ($check_user_info['user_id']) {
         $user_encode_password = encode_password($user_password);
         if ($user_encode_password == $check_user_info['user_password']) {
             if ($api_client) {
                 allow_crossdomain();
                 $userinfo = DB::fetch_first("SELECT * FROM " . DB::table('users') . " WHERE user_id ='" . $check_user_info['user_id'] . "' LIMIT 1");
                 //并返回用户信息
                 $return = array('errcode' => 'e_1000', 'errmsg' => lang('error', 'e_1000'), 'data' => $userinfo);
             } elseif ($location_url) {
                 $user['user_id'] = $check_user_info['user_id'];
                 ext::synlogin($user, $user);
                 header('location:' . $location_url . '');
                 die;
             } else {
                 $user['user_id'] = $check_user_info['user_id'];
                 ext::synlogin($user, $user);
                 $return = array('errcode' => 'e_1000', 'errmsg' => lang('error', 'e_1000'), 'data' => '');
Example #9
0
}
$form_username = mysql_real_escape_string(stripslashes($username), $c);
$raw_password = stripslashes($password);
$uq = mysql_query("SELECT `userid`, `userpass`, `pass_salt`\n                 FROM `users`\n                 WHERE `login_name` = '{$form_username}'", $c);
if (mysql_num_rows($uq) == 0) {
    die("<h3>{GAME_NAME} Error</h3>\n\tInvalid username or password!<br />\n\t<a href='login.php'>&gt; Back</a>");
} else {
    $mem = mysql_fetch_assoc($uq);
    $login_failed = false;
    // Pass Salt generation: autofix
    if (empty($mem['pass_salt'])) {
        if (md5($raw_password) != $mem['userpass']) {
            $login_failed = true;
        }
        $salt = generate_pass_salt();
        $enc_psw = encode_password($mem['userpass'], $salt, true);
        $e_salt = mysql_real_escape_string($salt, $c);
        // in case of changed salt function
        $e_encpsw = mysql_real_escape_string($enc_psw, $c);
        // ditto for password encoder
        mysql_query("UPDATE `users`\n        \t\t SET `pass_salt` = '{$e_salt}', `userpass` = '{$e_encpsw}'\n        \t\t WHERE `userid` = {$mem['userid']}", $c);
    } else {
        $login_failed = !verify_user_password($raw_password, $mem['pass_salt'], $mem['userpass']);
    }
    if ($login_failed) {
        die("<h3>{GAME_NAME} Error</h3>\n\t\tInvalid username or password!<br />\n\t\t<a href='login.php'>&gt; Back</a>");
    }
    if ($mem['userid'] == 1 && file_exists('./installer.php')) {
        die("<h3>{GAME_NAME} Error</h3>\n                The installer still exists! You need to delete installer.php immediately.<br />\n                <a href='login.php'>&gt; Back</a>");
    }
    session_regenerate_id();
Example #10
0
File: Http.php Project: kimai/kimai
 /**
  * @param string $username
  * @param string $password
  * @param int $userId
  * @return bool
  */
 public function authenticate($username, $password, &$userId)
 {
     $userId = $this->database->user_name2id($username);
     if ($userId === false) {
         return true;
     }
     $userData = $this->database->user_get_data($userId);
     $pass = $userData['password'];
     $userId = $userData['userID'];
     $passCrypt = encode_password($password);
     return $pass == $passCrypt && $username != '';
 }
Example #11
0
         } else {
             $tip2 = '你上传的不是图片文件,只支持jpg/gif/png三种格式';
         }
     } else {
         $tip2 = '图片尚未上传或太大了';
     }
 } else {
     if ($action == 'chpw') {
         $password_current = addslashes(trim($_POST['password_current']));
         $password_new = addslashes(trim($_POST['password_new']));
         $password_again = addslashes(trim($_POST['password_again']));
         if ($password_current && $password_new && $password_again) {
             if ($password_new == $password_again) {
                 if (encode_password($password_current, $cur_user['regtime']) == $cur_user['password']) {
                     if ($password_current != $password_new) {
                         $new_md5pw = encode_password($password_new, $cur_user['regtime']);
                         if ($DBS->unbuffered_query("UPDATE yunbbs_users SET password='******' WHERE id='{$cur_uid}'")) {
                             //更新缓存和cookie
                             $cur_user['password'] = $new_md5pw;
                             $new_ucode = md5($cur_uid . $new_md5pw . $cur_user['regtime'] . $cur_user['lastposttime'] . $cur_user['lastreplytime']);
                             setcookie("cur_uid", $cur_uid, time() + 86400 * 365, '/');
                             setcookie("cur_uname", $cur_uname, time() + 86400 * 365, '/');
                             setcookie("cur_ucode", $new_ucode, time() + 86400 * 365, '/');
                             $tip3 = '密码已成功更改,请记住新密码';
                         } else {
                             $tip3 = '数据保存失败,请稍后再试';
                         }
                     } else {
                         $tip3 = '输入的新密码和原来的密码相同,没修改!';
                     }
                 } else {
Example #12
0
    $kga['password_salt'] = createPassword(20);
    if (write_config_file($kga['server_database'], $kga['server_hostname'], $kga['server_username'], $kga['server_password'], '', $kga['server_prefix'], $kga['language'], $kga['password_salt'], 'Europe/Berlin')) {
        echo '<tr><td>' . $kga['lang']['updater'][140] . '</td><td class="green">&nbsp;&nbsp;</td></tr>';
    } else {
        die($kga['lang']['updater'][130]);
    }
    // Reset all passwords
    $new_passwords = array();
    $users = $database->queryAll("SELECT * FROM {$p}usr");
    foreach ($users as $user) {
        if ($user['usr_name'] == 'admin') {
            $new_password = '******';
        } else {
            $new_password = createPassword(8);
        }
        exec_query("UPDATE `{$p}usr` SET pw = '" . encode_password($new_password) . "' WHERE usr_ID = {$user['usr_ID']}");
        if ($result) {
            $new_passwords[$user['usr_name']] = $new_password;
        }
    }
}
if ((int) $revisionDB < 1068) {
    Kimai_Logger::logfile("-- update to r1068");
    exec_query("ALTER TABLE `{$p}usr` CHANGE `autoselection` `autoselection` TINYINT( 1 ) NOT NULL default '0';");
}
if ((int) $revisionDB < 1077) {
    Kimai_Logger::logfile("-- update to r1076");
    exec_query("ALTER TABLE `{$p}usr` CHANGE `usr_mail` `usr_mail` varchar(160) DEFAULT ''");
    exec_query("ALTER TABLE `{$p}usr` CHANGE `pw` `pw` varchar(254) NULL DEFAULT NULL");
    exec_query("ALTER TABLE `{$p}usr` CHANGE `lang` `lang` varchar(6) DEFAULT ''");
    exec_query("ALTER TABLE `{$p}zef` CHANGE `zef_comment` `zef_comment` TEXT NULL DEFAULT NULL");
Example #13
0
 /**
  * @param string $username
  * @param string $password
  * @param string $key
  * @return array
  */
 public function resetPassword($username, $password, $key)
 {
     $kga = $this->getKga();
     $database = $this->getDatabase();
     $is_customer = $database->is_customer_name($username);
     if ($is_customer) {
         $customerId = $database->customer_nameToID($username);
         $customer = $database->customer_get_data($customerId);
         if ($key != $customer['passwordResetHash']) {
             return array('message' => $kga['lang']['passwordReset']['invalidKey']);
         }
         $data = array('password' => encode_password($password), 'passwordResetHash' => null);
         $database->customer_edit($customerId, $data);
     } else {
         $userId = $database->user_name2id($username);
         $user = $database->user_get_data($userId);
         if ($key != $user['passwordResetHash']) {
             return array('message' => $kga['lang']['passwordReset']['invalidKey']);
         }
         $data = array('password' => encode_password($password), 'passwordResetHash' => null);
         $database->user_edit($userId, $data);
     }
     return array('message' => $kga['lang']['passwordReset']['success'], 'showLoginLink' => true);
 }
Example #14
0
function install()
{
    menuprint('sql');
    $paypal = isset($_POST['paypal']) && valid_email($_POST['paypal']) ? gpc_cleanup($_POST['paypal']) : '';
    $adm_email = isset($_POST['a_email']) && valid_email($_POST['a_email']) ? gpc_cleanup($_POST['a_email']) : '';
    $adm_username = isset($_POST['a_username']) && strlen($_POST['a_username']) > 3 ? gpc_cleanup($_POST['a_username']) : '';
    $adm_gender = isset($_POST['gender']) && in_array($_POST['gender'], array('Male', 'Female'), true) ? $_POST['gender'] : 'Male';
    $description = isset($_POST['game_description']) ? gpc_cleanup($_POST['game_description']) : '';
    $owner = isset($_POST['game_owner']) && strlen($_POST['game_owner']) > 3 ? gpc_cleanup($_POST['game_owner']) : '';
    $game_name = isset($_POST['game_name']) ? gpc_cleanup($_POST['game_name']) : '';
    $adm_pswd = isset($_POST['a_password']) && strlen($_POST['a_password']) > 3 ? gpc_cleanup($_POST['a_password']) : '';
    $adm_cpswd = isset($_POST['a_cpassword']) ? gpc_cleanup($_POST['a_cpassword']) : '';
    $db_hostname = isset($_POST['hostname']) ? gpc_cleanup($_POST['hostname']) : '';
    $db_username = isset($_POST['username']) ? gpc_cleanup($_POST['username']) : '';
    $db_password = isset($_POST['password']) ? gpc_cleanup($_POST['password']) : '';
    $db_database = isset($_POST['database']) ? gpc_cleanup($_POST['database']) : '';
    $errors = array();
    if (empty($db_hostname)) {
        $errors[] = 'No Database hostname specified';
    }
    if (empty($db_username)) {
        $errors[] = 'No Database username specified';
    }
    if (empty($db_database)) {
        $errors[] = 'No Database database specified';
    }
    if (empty($adm_username) || !preg_match("/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+\$/i", $adm_username)) {
        $errors[] = 'Invalid admin username specified';
    }
    if (empty($adm_pswd)) {
        $errors[] = 'Invalid admin password specified';
    }
    if ($adm_pswd !== $adm_cpswd) {
        $errors[] = 'The admin passwords did not match';
    }
    if (empty($adm_email)) {
        $errors[] = 'Invalid admin email specified';
    }
    if (empty($owner) || !preg_match("/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+\$/i", $owner)) {
        $errors[] = 'Invalid game owner specified';
    }
    if (empty($game_name)) {
        $errors[] = 'Invalid game name specified';
    }
    if (empty($description)) {
        $errors[] = 'Invalid game description specified';
    }
    if (empty($paypal)) {
        $errors[] = 'Invalid game PayPal specified';
    }
    if (count($errors) > 0) {
        echo "Installation failed.<br />\n        There were one or more problems with your input.<br />\n        <br />\n        <b>Problem(s) encountered:</b>\n        <ul>";
        foreach ($errors as $error) {
            echo "<li><span style='color: red;'>{$error}</span></li>";
        }
        echo "</ul>\n        &gt; <a href='installer.php?code=config'>Go back to config</a>";
        require_once 'installer_foot.php';
        exit;
    }
    // Try to establish DB connection first...
    echo 'Attempting DB connection...<br />';
    $c = mysql_connect($db_hostname, $db_username, $db_password);
    mysql_select_db($db_database, $c);
    // Done, move on
    echo '... Successful.<br />';
    echo 'Writing game config file...<br />';
    echo 'Write DB Connector...<br />';
    $code = md5(rand(1, 100000000000));
    if (file_exists("mysql.php")) {
        unlink("mysql.php");
    }
    $e_db_hostname = addslashes($db_hostname);
    $e_db_username = addslashes($db_username);
    $e_db_password = addslashes($db_password);
    $e_db_database = addslashes($db_database);
    $config_file = <<<EOF
<?php
\$c = mysql_connect('{$e_db_hostname}', '{$e_db_username}', '{$e_db_password}') or die(mysql_error());
mysql_select_db('{$e_db_database}', \$c);
EOF;
    $f = fopen('mysql.php', 'w');
    fwrite($f, $config_file);
    fclose($f);
    echo '... file written.<br />';
    echo 'Writing base database schema...<br />';
    $fo = fopen("dbdata.sql", "r");
    $query = '';
    $lines = explode("\n", fread($fo, 1024768));
    fclose($fo);
    foreach ($lines as $line) {
        if (!(strpos($line, "--") === 0) && trim($line) != '') {
            $query .= $line;
            if (!(strpos($line, ";") === FALSE)) {
                mysql_query($query);
                $query = '';
            }
        }
    }
    echo '... done.<br />';
    echo 'Writing game configuration...<br />';
    $ins_username = mysql_real_escape_string(htmlentities($adm_username, ENT_QUOTES, 'ISO-8859-1'), $c);
    $salt = generate_pass_salt();
    $e_salt = mysql_real_escape_string($salt, $c);
    $encpsw = encode_password($adm_pswd, $salt);
    $e_encpsw = mysql_real_escape_string($encpsw, $c);
    $ins_email = mysql_real_escape_string($adm_email, $c);
    $IP = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $c);
    $ins_game_name = htmlentities($game_name, ENT_QUOTES, 'ISO-8859-1');
    $ins_game_desc = nl2br(htmlentities($description, ENT_QUOTES, 'ISO-8859-1'));
    $ins_game_owner = htmlentities($owner, ENT_QUOTES, 'ISO-8859-1');
    $ins_game_id1name = htmlentities($adm_username, ENT_QUOTES, 'ISO-8859-1');
    mysql_query("INSERT INTO `users`\n             (`username`, `login_name`, `userpass`, `level`, `money`,\n             `crystals`, `donatordays`, `user_level`, `energy`, `maxenergy`,\n             `will`, `maxwill`, `brave`, `maxbrave`, `hp`, `maxhp`, `location`,\n             `gender`, `signedup`, `email`, `bankmoney`, `lastip`,\n             `pass_salt`)\n             VALUES ('{$ins_username}', '{$ins_username}', '{$e_encpsw}', 1,\n             100, 0, 0, 2, 12, 12, 100, 100, 5, 5, 100, 100, 1,\n             '{$adm_gender}', " . time() . ", '{$ins_email}', -1, '{$IP}',\n             '{$e_salt}')", $c) or die(mysql_error());
    $i = mysql_insert_id($c);
    mysql_query("INSERT INTO `userstats`\n    \t\t VALUES({$i}, 10, 10, 10, 10, 10)", $c);
    $gamename_files = array('authenticate.php', 'donator.php', 'explore.php', 'gamerules.php', 'header.php', 'helptutorial.php', 'loggedin.php', 'login.php', 'new_staff.php', 'register.php', 'voting.php');
    $gameowner_files = array('header.php', 'login.php');
    $paypal_files = array('donator.php', 'willpotion.php');
    $gamedesc_files = array('login.php');
    $id1_files = array('gamerules.php');
    $cron_files = array('crons/cron_day.php', 'crons/cron_fivemins.php', 'crons/cron_hour.php', 'crons/cron_minute.php');
    foreach ($gamename_files as $file) {
        file_update($file, '{GAME_NAME}', $ins_game_name);
    }
    foreach ($gameowner_files as $file) {
        file_update($file, '{GAME_OWNER}', $ins_game_owner);
    }
    foreach ($paypal_files as $file) {
        file_update($file, '{PAYPAL}', $paypal);
    }
    foreach ($gamedesc_files as $file) {
        file_update($file, '{GAME_DESCRIPTION}', $ins_game_desc);
    }
    foreach ($id1_files as $file) {
        file_update($file, '{ID1_NAME}', $ins_game_id1name);
    }
    foreach ($cron_files as $file) {
        file_update($file, '{CRON_CODE}', $code);
    }
    echo '... Done.<br />';
    $path = dirname($_SERVER['SCRIPT_FILENAME']);
    echo "\n    <h2>Installation Complete!</h2>\n    <hr />\n    <h3>Cron Info</h3>\n    <br />\n    This is the cron info you need for section <b>1.2 Cronjobs</b> of the installation instructions.<br />\n    <pre>\n    */5 * * * * php {$path}/crons/cron_fivemins.php {$code}\n    * * * * * php {$path}/crons/cron_minute.php {$code}\n    0 * * * * php {$path}/crons/cron_hour.php {$code}\n    0 0 * * * php {$path}/crons/cron_day.php {$code}\n    </pre>\n       ";
    echo "<h3>Installer Security</h3>\n    Attempting to remove installer... ";
    @unlink('./installer.php');
    $success = !file_exists('./installer.php');
    echo "<span style='color: " . ($success ? "green;'>Succeeded" : "red;'>Failed") . "</span><br />";
    if (!$success) {
        echo "Attempting to lock installer... ";
        @touch('./installer.lock');
        $success2 = file_exists('installer.lock');
        echo "<span style='color: " . ($success2 ? "green;'>Succeeded" : "red;'>Failed") . "</span><br />";
        if ($success2) {
            echo "<span style='font-weight: bold;'>" . "You should now remove dbdata.sql, installer.php, installer_foot.php and installer_home.php from your server." . "</span>";
        } else {
            echo "<span style='font-weight: bold; font-size: 20pt;'>" . "YOU MUST REMOVE dbdata.sql, installer.php, " . "installer_foot.php and installer_home.php from your server.<br />" . "Failing to do so will allow other people " . "to run the installer again and potentially " . "mess up your game entirely." . "</span>";
        }
    } else {
        require_once 'installer_foot.php';
        @unlink('./installer_head.php');
        @unlink('./installer_foot.php');
        @unlink('./dbdata.sql');
        exit;
    }
}
    function ucp_profile($id, $mode)
    {
        global $config, $_CLASS, $site_file_root, $_CORE_CONFIG;
        $preview = isset($_POST['preview']);
        $submit = isset($_POST['submit']);
        $module_link = generate_link("Control_Panel&amp;i={$id}&amp;mode={$mode}");
        $error = $data = array();
        $s_hidden_fields = '';
        switch ($mode) {
            case 'reg_details':
                if ($submit) {
                    $var_ary = array('username' => $_CLASS['core_user']->data['username'], 'email' => $_CLASS['core_user']->data['user_email'], 'email_confirm' => (string) '', 'new_password' => (string) '', 'cur_password' => (string) '', 'password_confirm' => (string) '');
                    foreach ($var_ary as $var => $default) {
                        $data[$var] = request_var($var, $default);
                    }
                    $var_ary = array('username' => array(array('string', false, $_CORE_CONFIG['user']['min_name_chars'], $_CORE_CONFIG['user']['max_name_chars']), array('username', $data['username'])), 'password_confirm' => array('string', true, $_CORE_CONFIG['user']['min_pass_chars'], $_CORE_CONFIG['user']['max_pass_chars']), 'new_password' => array('string', true, $_CORE_CONFIG['user']['min_pass_chars'], $_CORE_CONFIG['user']['max_pass_chars']), 'email' => array(array('string', false, 6, 60), array('email', $data['email'])), 'email_confirm' => array('string', true, 6, 60));
                    $error = validate_data($data, $var_ary);
                    extract($data);
                    unset($data);
                    if ($new_password && $password_confirm != $new_password) {
                        $error[] = 'NEW_PASSWORD_ERROR';
                    }
                    if (($new_password || $_CLASS['auth']->acl_get('u_chgemail') && $email != $_CLASS['core_user']->data['user_email'] || $username != $_CLASS['core_user']->data['username'] && $_CLASS['auth']->acl_get('u_chgname') && $_CORE_CONFIG['user']['allow_namechange']) && encode_password($cur_password, $_CLASS['core_user']->data['user_password_encoding']) != $_CLASS['core_user']->data['user_password']) {
                        $error[] = 'CUR_PASSWORD_ERROR';
                    }
                    if ($_CLASS['auth']->acl_get('u_chgemail') && $email != $_CLASS['core_user']->data['user_email'] && $email_confirm != $email) {
                        $error[] = 'NEW_EMAIL_ERROR';
                    }
                    if (!sizeof($error)) {
                        $sql_ary = array('user_email' => $_CLASS['auth']->acl_get('u_chgemail') ? $email : $_CLASS['core_user']->data['user_email']);
                        if ($_CORE_CONFIG['email']['email_enable'] && $email != $_CLASS['core_user']->data['user_email'] && ($_CORE_CONFIG['user']['require_activation'] == USER_ACTIVATION_SELF || $_CORE_CONFIG['user']['require_activation'] == USER_ACTIVATION_ADMIN)) {
                            $template_file = $config['require_activation'] == USER_ACTIVATION_ADMIN ? 'user_activate_inactive.html' : 'user_activate.html';
                            $mailer = new core_mailer();
                            $messenger->template($template_file, $_CLASS['core_user']->data['user_lang']);
                            $mailer->subject($subject);
                            $messenger->to($email, $username);
                            $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
                            $messenger->headers('X-AntiAbuse: User_id - ' . $_CLASS['core_user']->data['user_id']);
                            $messenger->headers('X-AntiAbuse: Username - ' . $_CLASS['core_user']->data['username']);
                            $messenger->headers('X-AntiAbuse: User IP - ' . $_CLASS['core_user']->ip);
                            $messenger->assign_vars(array('SITENAME' => $_CORE_CONFIG['global']['sitename'], 'USERNAME' => $username, 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']), 'U_ACTIVATE' => generate_link("Control_Panel&amp;mode=activate&u={$_CLASS['core_user']->data['user_id']}&k={$user_actkey}", array('full' => true))));
                            $body = trim($_CLASS['core_template']->display('modules/Contact/email/index.html', true));
                            $messenger->send(NOTIFY_EMAIL);
                            if ($_CORE_CONFIG['user']['require_activation'] == USER_ACTIVATION_ADMIN) {
                                // Grab an array of user_id's with a_user permissions
                                $admin_ary = $_CLASS['auth']->acl_get_list(false, 'a_user', false);
                                $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
									FROM ' . USERS_TABLE . ' 
									WHERE user_id IN (' . implode(', ', $admin_ary[0]['a_user']) . ')';
                                $result = $_CLASS['core_db']->sql_query($sql);
                                while ($row = $_CLASS['core_db']->sql_fetchrow($result)) {
                                    $messenger->template('admin_activate', $row['user_lang']);
                                    $messenger->replyto($config['board_contact']);
                                    $messenger->to($row['user_email'], $row['username']);
                                    $messenger->im($row['user_jabber'], $row['username']);
                                    $messenger->assign_vars(array('USERNAME' => $username, 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']), 'U_ACTIVATE' => generate_link("Control_Panel&amp;mode=activate&u={$_CLASS['core_user']->data['user_id']}&k={$user_actkey}", array('full' => true))));
                                    $messenger->send($row['user_notify_type']);
                                }
                                $_CLASS['core_db']->sql_freeresult($result);
                            }
                            $messenger->save_queue();
                            $sql_ary += array('user_type' => USER_INACTIVE, 'user_actkey' => $user_actkey);
                        }
                        $sql = 'UPDATE ' . USERS_TABLE . ' 
							SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $sql_ary) . ' 
							WHERE user_id = ' . $_CLASS['core_user']->data['user_id'];
                        $_CLASS['core_db']->sql_query($sql);
                        // Need to update config, forum, topic, posting, messages, etc.
                        if ($username != $_CLASS['core_user']->data['username'] && $_CLASS['auth']->acl_get('u_chgname') && $_CORE_CONFIG['user']['allow_namechange']) {
                            user_update_name($_CLASS['core_user']->data['username'], $username);
                        }
                        $_CLASS['core_display']->meta_refresh(3, $module_link);
                        $message = $_CLASS['core_user']->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_UCP'], '<a href="' . $module_link . '">', '</a>');
                        trigger_error($message);
                    }
                    // Replace "error" strings with their real, localised form
                    $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$_CLASS['core_user']->lang['\\1'])) ? \$_CLASS['core_user']->lang['\\1'] : '\\1'", $error);
                }
                $user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\\w]+' => 'USERNAME_ALPHA_ONLY', '[\\w_\\+\\. \\-\\[\\]]+' => 'USERNAME_ALPHA_SPACERS');
                $_CLASS['core_template']->assign(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'USERNAME' => isset($username) ? $username : $_CLASS['core_user']->data['username'], 'EMAIL' => isset($email) ? $email : $_CLASS['core_user']->data['user_email'], 'CONFIRM_EMAIL' => '', 'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '', 'NEW_PASSWORD' => isset($new_password) ? $new_password : '', 'CUR_PASSWORD' => '', 'L_USERNAME_EXPLAIN' => sprintf($_CLASS['core_user']->lang[$user_char_ary[str_replace('\\\\', '\\', $_CORE_CONFIG['user']['allow_name_chars'])] . '_EXPLAIN'], $_CORE_CONFIG['user']['min_name_chars'], $_CORE_CONFIG['user']['max_name_chars']), 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($_CLASS['core_user']->lang['CHANGE_PASSWORD_EXPLAIN'], $_CORE_CONFIG['user']['min_pass_chars'], $_CORE_CONFIG['user']['max_pass_chars']), 'S_FORCE_PASSWORD' => $_CORE_CONFIG['user']['chg_passforce'] && $this->data['user_passchg'] < time() - $_CORE_CONFIG['user']['chg_passforce'] ? true : false, 'S_CHANGE_USERNAME' => $_CORE_CONFIG['user']['allow_namechange'] && $_CLASS['auth']->acl_get('u_chgname') ? true : false, 'S_CHANGE_EMAIL' => $_CLASS['auth']->acl_get('u_chgemail') ? true : false, 'S_CHANGE_PASSWORD' => true));
                break;
            case 'profile_info':
                $error = array();
                $this_year = gmdate('Y', time());
                if ($submit) {
                    $icq = get_variable('icq', 'POST', null);
                    $aim = get_variable('aim', 'POST', null);
                    $msn = get_variable('msn', 'POST', null);
                    $yim = get_variable('yim', 'POST', null);
                    $jabber = get_variable('jabber', 'POST', null);
                    //$google = get_variable('google', 'POST', null);
                    $website = get_variable('website', 'POST', null);
                    $location = get_variable('location', 'POST', null);
                    $occupation = get_variable('occupation', 'POST', null);
                    $interests = get_variable('interests', 'POST', null);
                    $bday_day = get_variable('bday_day', 'POST', false);
                    $bday_month = get_variable('bday_month', 'POST', false);
                    $bday_year = get_variable('bday_year', 'POST', false);
                    if ($bday_day || $bday_month || $bday_year) {
                        if ($bday_day < 1 || $bday_day > 31 || $bday_month < 1 || $bday_month > 12 || $bday_year < $this_year - 100 || $bday_month > $this_year) {
                            $error[] = $_CLASS['core_user']->get_lang('BIRTHDAY_ERROR');
                        }
                    }
                    if (mb_strlen($interests) > 255) {
                        $error[] = $_CLASS['core_user']->get_lang('INTEREST_LONG_ERROR');
                    }
                    if (mb_strlen($occupation) > 255) {
                        $error[] = $_CLASS['core_user']->get_lang('OCCUPATION_LONG_ERROR');
                    }
                    if (empty($error)) {
                        $sql_ary = array('user_icq' => $icq, 'user_aim' => $aim, 'user_msnm' => $msn, 'user_yim' => $yim, 'user_jabber' => $jabber, 'user_website' => $website, 'user_from' => $location, 'user_occ' => $occupation, 'user_interests' => $interests, 'user_birthday' => $bday_day ? sprintf('%2d-%2d-%4d', $bday_day, $bday_month, $bday_year) : null);
                        $sql = 'UPDATE ' . USERS_TABLE . ' 
							SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $sql_ary) . '
							WHERE user_id = ' . $_CLASS['core_user']->data['user_id'];
                        $_CLASS['core_db']->sql_query($sql);
                        $_CLASS['core_display']->meta_refresh(3, $module_link);
                        $message = $_CLASS['core_user']->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_UCP'], '<a href="' . $module_link . '">', '</a>');
                        trigger_error($message);
                    }
                }
                if (!isset($bday_day)) {
                    if ($_CLASS['core_user']->data['user_birthday']) {
                        list($bday_day, $bday_month, $bday_year) = explode('-', $_CLASS['core_user']->data['user_birthday']);
                    } else {
                        $bday_day = $bday_month = $bday_year = '';
                    }
                }
                $s_birthday_day_options = '<option value="0"' . (!$bday_day ? ' selected="selected"' : '') . '>--</option>';
                for ($i = 1; $i < 32; $i++) {
                    $selected = $i == $bday_day ? ' selected="selected"' : '';
                    $s_birthday_day_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>";
                }
                $s_birthday_month_options = '<option value="0"' . (!$bday_month ? ' selected="selected"' : '') . '>--</option>';
                for ($i = 1; $i < 13; $i++) {
                    $selected = $i == $bday_month ? ' selected="selected"' : '';
                    $s_birthday_month_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>";
                }
                $s_birthday_year_options = '';
                $s_birthday_year_options = '<option value="0"' . (!$bday_year ? ' selected="selected"' : '') . '>--</option>';
                $i = $this_year - 100;
                for ($i; $i < $this_year; $i++) {
                    $selected = $i == $bday_year ? ' selected="selected"' : '';
                    $s_birthday_year_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>";
                }
                $_CLASS['core_template']->assign_array(array('ERROR' => empty($error) ? '' : implode('<br />', $error), 'ICQ' => isset($icq) ? $icq : $_CLASS['core_user']->data['user_icq'], 'YIM' => isset($yim) ? $yim : $_CLASS['core_user']->data['user_yim'], 'AIM' => isset($aim) ? $aim : $_CLASS['core_user']->data['user_aim'], 'MSN' => isset($msn) ? $msn : $_CLASS['core_user']->data['user_msnm'], 'JABBER' => isset($jabber) ? $jabber : $_CLASS['core_user']->data['user_jabber'], 'WEBSITE' => isset($website) ? $website : $_CLASS['core_user']->data['user_website'], 'LOCATION' => isset($location) ? $location : $_CLASS['core_user']->data['user_from'], 'OCCUPATION' => isset($occupation) ? $occupation : $_CLASS['core_user']->data['user_occ'], 'INTERESTS' => isset($interests) ? $interests : $_CLASS['core_user']->data['user_interests'], 'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options, 'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options, 'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options));
                break;
            case 'signature':
                require $site_file_root . 'includes/forums/functions_posting.php';
                // Generate smiley listing
                generate_smilies('inline', 0);
                $enable_html = $config['allow_sig_html'] ? isset($_POST['disable_html']) : false;
                $enable_bbcode = $config['allow_sig_bbcode'] ? isset($_POST['disable_bbcode']) ? false : $_CLASS['core_user']->optionget('bbcode') : false;
                $enable_smilies = $config['allow_sig_smilies'] ? isset($_POST['disable_smilies']) ? false : $_CLASS['core_user']->optionget('smilies') : false;
                $enable_urls = isset($_POST['disable_magic_url']) ? false : true;
                $signature = request_var('signature', $_CLASS['core_user']->data['user_sig']);
                if ($submit || $preview) {
                    require_once $site_file_root . 'includes/forums/message_parser.php';
                    if ($signature) {
                        $message_parser = new parse_message($signature);
                        // Allowing Quote BBCode
                        $message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, true, 'sig');
                        if (sizeof($message_parser->warn_msg)) {
                            $error[] = implode('<br />', $message_parser->warn_msg);
                        }
                        if (!sizeof($error) && $submit) {
                            $sql_ary = array('user_sig' => (string) $message_parser->message, 'user_sig_bbcode_uid' => (string) $message_parser->bbcode_uid, 'user_sig_bbcode_bitfield' => (int) $message_parser->bbcode_bitfield);
                        }
                    } else {
                        $sql_ary = array('user_sig' => '', 'user_sig_bbcode_uid' => '', 'user_sig_bbcode_bitfield' => (int) '');
                    }
                    if (!sizeof($error) && $submit) {
                        $sql = 'UPDATE ' . USERS_TABLE . ' 
							SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $sql_ary) . ' 
							WHERE user_id = ' . $_CLASS['core_user']->data['user_id'];
                        $_CLASS['core_db']->sql_query($sql);
                        $message = $_CLASS['core_user']->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_UCP'], '<a href="' . $module_link . '\\>', '</a>');
                        trigger_error($message);
                    }
                    // Replace "error" strings with their real, localised form
                    $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$_CLASS['core_user']->lang['\\1'])) ? \$_CLASS['core_user']->lang['\\1'] : '\\1'", $error);
                }
                $signature_preview = '';
                if ($preview && $signature) {
                    // Now parse it for displaying
                    $signature_preview = $message_parser->format_display($enable_html, $enable_bbcode, $enable_urls, $enable_smilies, false);
                    unset($message_parser);
                }
                decode_message($signature, $_CLASS['core_user']->data['user_sig_bbcode_uid']);
                $_CLASS['core_template']->assign(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'SIGNATURE' => $signature, 'SIGNATURE_PREVIEW' => $signature_preview, 'S_HTML_CHECKED' => !$enable_html ? 'checked="checked"' : '', 'S_BBCODE_CHECKED' => !$enable_bbcode ? 'checked="checked"' : '', 'S_SMILIES_CHECKED' => !$enable_smilies ? 'checked="checked"' : '', 'S_MAGIC_URL_CHECKED' => !$enable_urls ? 'checked="checked"' : '', 'HTML_STATUS' => $config['allow_sig_html'] ? $_CLASS['core_user']->lang['HTML_IS_ON'] : $_CLASS['core_user']->lang['HTML_IS_OFF'], 'BBCODE_STATUS' => $config['allow_sig_bbcode'] ? sprintf($_CLASS['core_user']->lang['BBCODE_IS_ON'], '<a href="' . generate_link('Forums&amp;file=faq&amp;mode=bbcode') . '" target="_phpbbcode">', '</a>') : sprintf($_CLASS['core_user']->lang['BBCODE_IS_OFF'], '<a href="' . generate_link('Forums&amp;file=faq&amp;mode=bbcode') . '" target="_phpbbcode">', '</a>'), 'SMILIES_STATUS' => $config['allow_sig_smilies'] ? $_CLASS['core_user']->lang['SMILIES_ARE_ON'] : $_CLASS['core_user']->lang['SMILIES_ARE_OFF'], 'IMG_STATUS' => $config['allow_sig_img'] ? $_CLASS['core_user']->lang['IMAGES_ARE_ON'] : $_CLASS['core_user']->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => $config['allow_sig_flash'] ? $_CLASS['core_user']->lang['FLASH_IS_ON'] : $_CLASS['core_user']->lang['FLASH_IS_OFF'], 'L_SIGNATURE_EXPLAIN' => sprintf($_CLASS['core_user']->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']), 'S_HTML_ALLOWED' => $config['allow_sig_html'], 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'], 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies']));
                break;
            case 'avatar':
                $display_gallery = isset($_POST['display_gallery']);
                $folder = isset($_REQUEST['category']) ? str_replace(array('../', '..\\', './', '.\\'), '', $_REQUEST['category']) : false;
                $delete = isset($_POST['delete']);
                // Can we upload?
                $can_upload = file_exists($config['avatar_path']) && is_writeable($config['avatar_path']) && @ini_get('file_uploads') ? true : false;
                if ($submit) {
                    $gallery_avatar = isset($_POST['avatarselect']) ? str_replace(array('../', '..\\', './', '.\\'), '', $_POST['avatarselect']) : false;
                    if ($config['allow_avatar_local'] && $gallery_avatar) {
                        if (!file_exists($config['avatar_gallery_path'] . '/' . $gallery_avatar)) {
                            $error[] = 'BAD_AVATAR';
                        } else {
                            $type = AVATAR_GALLERY;
                            $filename = $gallery_avatar;
                            list($width, $height) = getimagesize($config['avatar_gallery_path'] . '/' . $gallery_avatar);
                        }
                    } else {
                        $data['uploadurl'] = get_variable('uploadurl', 'POST', false);
                        $data['remotelink'] = get_variable('remotelink', 'POST', '');
                        $data['width'] = get_variable('width', 'POST', '');
                        $data['height'] = get_variable('height', 'POST', '');
                        $data['user_id'] = $_CLASS['core_user']->data['user_id'];
                        require_once $site_file_root . 'includes/forums/functions_user.php';
                        if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload) {
                            list($type, $filename, $width, $height) = avatar_upload($data, $error);
                        } elseif ($data['remotelink'] && $config['allow_avatar_remote']) {
                            list($type, $filename, $width, $height) = avatar_remote($data, $error);
                        } elseif ($delete) {
                            $type = $filename = $width = $height = '';
                        } else {
                            $error[] = 'IM_LOST';
                        }
                    }
                    if (empty($error)) {
                        $sql_ary = array('user_avatar' => $filename, 'user_avatar_type' => $type, 'user_avatar_width' => $width, 'user_avatar_height' => $height);
                        $sql = 'UPDATE ' . USERS_TABLE . ' 
							SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $sql_ary) . ' 
							WHERE user_id = ' . $_CLASS['core_user']->data['user_id'];
                        $_CLASS['core_db']->sql_query($sql);
                        // Delete old avatar if present
                        if ($_CLASS['core_user']->data['user_avatar'] && $filename != $_CLASS['core_user']->data['user_avatar'] && $_CLASS['core_user']->data['user_avatar_type'] != AVATAR_GALLERY) {
                            avatar_delete($_CLASS['core_user']->data['user_avatar']);
                        }
                        $_CLASS['core_display']->meta_refresh(3, $module_link);
                        $message = $_CLASS['core_user']->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_UCP'], '<a href="' . $module_link . '">', '</a>');
                        trigger_error($message);
                    }
                    $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$_CLASS['core_user']->lang['\\1'])) ? \$_CLASS['core_user']->lang['\\1'] : '\\1'", $error);
                }
                // Generate users avatar
                $avatar_img = '';
                if ($_CLASS['core_user']->data['user_avatar']) {
                    switch ($_CLASS['core_user']->data['user_avatar_type']) {
                        case AVATAR_UPLOAD:
                            $avatar_img = $config['avatar_path'] . '/';
                            break;
                        case AVATAR_GALLERY:
                            $avatar_img = $config['avatar_gallery_path'] . '/';
                            break;
                    }
                    $avatar_img .= $_CLASS['core_user']->data['user_avatar'];
                    $avatar_img = '<img src="' . $avatar_img . '" width="' . $_CLASS['core_user']->data['user_avatar_width'] . '" height="' . $_CLASS['core_user']->data['user_avatar_height'] . '" border="0" alt="" />';
                }
                $_CLASS['core_template']->assign(array('ERROR' => empty($error) ? '' : implode('<br />', $error), 'AVATAR' => $avatar_img, 'AVATAR_SIZE' => $config['avatar_filesize'], 'S_FORM_ENCTYPE' => $can_upload ? ' enctype="multipart/form-data"' : '', 'L_AVATAR_EXPLAIN' => sprintf($_CLASS['core_user']->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024))));
                if ($display_gallery && $config['allow_avatar_local']) {
                    require_once $site_file_root . 'includes/functions_user.php';
                    $avatar_list = avatar_gallery($folder, $folders, $error);
                    array_unshift($folders, '');
                    $s_category_options = '';
                    foreach ($folders as $cat) {
                        $s_category_options .= '<option value="' . $cat . '"' . ($cat == $folder ? ' selected="selected"' : '') . '>' . ($cat ? $cat : '--') . '</option>';
                    }
                    $_CLASS['core_template']->assign(array('S_DISPLAY_GALLERY' => true, 'S_CAT_OPTIONS' => $s_category_options));
                    foreach ($avatar_list as $avatar) {
                        $_CLASS['core_template']->assign_vars_array('avatar', array('AVATAR_IMAGE' => $config['avatar_gallery_path'] . '/' . $avatar['file'], 'AVATAR_NAME' => $avatar['name'], 'AVATAR_FILE' => $avatar['file']));
                    }
                    unset($avatar_list);
                } else {
                    $_CLASS['core_template']->assign(array('AVATAR' => $avatar_img, 'AVATAR_SIZE' => $config['avatar_filesize'], 'WIDTH' => $_CLASS['core_user']->data['user_avatar_width'], 'HEIGHT' => $_CLASS['core_user']->data['user_avatar_height'], 'S_CAN_UPLOAD' => $can_upload, 'S_LINK_AVATAR' => $config['allow_avatar_remote'], 'S_GALLERY_AVATAR' => $config['allow_avatar_local']));
                }
                break;
        }
        $_CLASS['core_template']->assign_array(array('L_TITLE' => $_CLASS['core_user']->lang['UCP_PROFILE_' . strtoupper($mode)], 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_UCP_ACTION' => $module_link));
        $this->display($_CLASS['core_user']->lang['UCP_PROFILE'], 'ucp_profile_' . $mode . '.html');
    }
Example #16
0
function do_pass_change()
{
    global $ir, $c, $userid, $h;
    $oldpw = stripslashes($_POST['oldpw']);
    $newpw = stripslashes($_POST['newpw']);
    $newpw2 = stripslashes($_POST['newpw2']);
    if (!verify_user_password($oldpw, $ir['pass_salt'], $ir['userpass'])) {
        echo "\n\t\tThe current password you entered was wrong.<br />\n\t\t<a href='preferences.php?action=passchange'>&gt; Back</a>\n   \t\t";
    } else {
        if ($newpw !== $newpw2) {
            echo "The new passwords you entered did not match!<br />\n\t\t<a href='preferences.php?action=passchange'>&gt; Back</a>";
        } else {
            // Re-encode password
            $new_psw = mysql_real_escape_string(encode_password($newpw, $ir['pass_salt']), $c);
            mysql_query("UPDATE `users`\n                 SET `userpass` = '{$new_psw}'\n                 WHERE `userid` = {$ir['userid']}", $c);
            echo "Password changed!<br />\n        &gt; <a href='preferences.php'>Go Back</a>";
        }
    }
}
Example #17
0
 case "unbanUser":
     // Unban a user from login
     $sts['active'] = 1;
     $database->user_edit($id, $sts);
     echo sprintf("<img border='0' title='%s' alt='%s' src='../skins/%s/grfx/jipp.gif' width='16' height='16' />", $kga['lang']['activeAccount'], $kga['lang']['activeAccount'], $view->skin()->getName());
     break;
 case "sendEditUser":
     // process editUser form
     $userData['name'] = trim($_REQUEST['name']);
     $userData['mail'] = $_REQUEST['mail'];
     $userData['alias'] = $_REQUEST['alias'];
     $userData['globalRoleID'] = $_REQUEST['globalRoleID'];
     $userData['rate'] = str_replace($kga['conf']['decimalSeparator'], '.', $_REQUEST['rate']);
     // if password field is empty => password unchanged (not overwritten with "")
     if (!empty($_REQUEST['password'])) {
         $userData['password'] = encode_password($_REQUEST['password']);
     }
     $oldGroups = $database->getGroupMemberships($id);
     // validate data
     $errorMessages = array();
     if ($database->customer_nameToID($userData['name']) !== false) {
         $errorMessages['name'] = $kga['lang']['errorMessages']['customerWithSameName'];
     }
     $assignedGroups = isset($_REQUEST['assignedGroups']) ? $_REQUEST['assignedGroups'] : array();
     $membershipRoles = isset($_REQUEST['membershipRoles']) ? $_REQUEST['membershipRoles'] : array();
     if (!checkGroupedObjectPermission('user', 'edit', $oldGroups, $assignedGroups)) {
         $errorMessages[''] = $kga['lang']['errorMessages']['permissionDenied'];
     }
     if (count($errorMessages) == 0) {
         $database->user_edit($id, $userData);
         $groups = array_combine($assignedGroups, $membershipRoles);
Example #18
0
                 "message":"' . lang('core', 'operation_failed') . '",
                 "navTabId":"admin_user_index",
                 "rel":"",
                 "reloadFlag":"1",
                 "callbackType":"closeCurrent",
                 "forwardUrl":"",
                 "confirmMsg":""
             }';
         }
         die;
     }
 } else {
     //DEBUG 新增
     if ($is_submit) {
         if ($user_password == $user_password2 && !empty($user_name) && !empty($user_realname)) {
             $user_password_encode = encode_password($user_password);
             $user_data = array("user_name" => $user_name, "user_realname" => $user_realname, "user_password" => $user_password_encode, "user_role_id" => $user_role_id, "user_score" => $user_score, "user_create_time" => TIMESTAMP);
             DB::insert('users', $user_data);
             //DEBUG 更新用户权限菜单
             ext::set_user_role_menu(2, $user_menu, $user_id);
             echo '{
                 "statusCode":"200",
                 "message":"' . lang('core', 'operation_successful') . '",
                 "navTabId":"admin_user_index",
                 "rel":"",
                 "reloadFlag":"1",
                 "callbackType":"closeCurrent",
                 "forwardUrl":"",
                 "confirmMsg":""
             }';
         } else {
Example #19
0
 $name = addslashes(strtolower(trim($_POST["name"])));
 $pw = addslashes(trim($_POST["pw"]));
 $gcode = $_POST["gauth"];
 $seccode = intval(trim($_POST["seccode"]));
 if ($name && $pw && $seccode) {
     if (strlen($name) < 21 && strlen($pw) < 32) {
         if (preg_match('/^[a-zA-Z0-9\\x80-\\xff]{4,20}$/i', $name)) {
             if (preg_match('/^[0-9]{4,20}$/', $name)) {
                 $errors[] = '名字不能全为数字';
             } else {
                 error_reporting(0);
                 session_start();
                 if ($seccode === intval($_SESSION['code'])) {
                     $db_user = $DBS->fetch_one_array("SELECT * FROM yunbbs_users WHERE name='" . $name . "' LIMIT 1");
                     if ($db_user) {
                         $pwmd5 = encode_password($pw, $db_user['regtime']);
                         if ($pwmd5 == $db_user['password']) {
                             // G Auth Checking
                             $gsecret = $db_user['gauthsecret'];
                             if ($gsecret != Null) {
                                 if ($gcode) {
                                     $ga = new GoogleAuth();
                                     $checkResult = $ga->verifyCode($gsecret, $gcode);
                                     if ($checkResult) {
                                         //设置cookie
                                         $db_ucode = md5($db_user['id'] . $db_user['password'] . $db_user['regtime'] . $db_user['lastposttime'] . $db_user['lastreplytime']);
                                         $cur_uid = $db_user['id'];
                                         setcookie("cur_uid", $cur_uid, time() + 86400 * 365, '/');
                                         setcookie("cur_uname", $name, time() + 86400 * 365, '/');
                                         setcookie("cur_ucode", $db_ucode, time() + 86400 * 365, '/');
                                         $cur_user = $db_user;
Example #20
0
/**
 * Given a password input given by the user and their actual details,
 * determine whether the password entered was correct.
 *
 * Note that password-salt systems don't require the extra md5() on the $input.
 * This is only here to ensure backwards compatibility - that is,
 * a v2 game can be upgraded to use the password salt system without having
 * previously used it, without resetting every user's password.
 *
 * @param string $input The input password given by the user.
 * 						Should be without slashes.
 * @param string $salt 	The user's unique pass salt
 * @param string $pass	The user's encrypted password
 *
 * @return boolean	true for equal, false for not (login failed etc)
 *
 */
function verify_user_password($input, $salt, $pass)
{
    return $pass === encode_password($input, $salt);
}
function new_user_submit()
{
    global $ir, $c, $userid;
    if (!isset($_POST['username']) || !isset($_POST['login_name']) || !isset($_POST['userpass'])) {
        print "You missed one or more of the required fields. Please go back and try again.<br />\n<a href='new_staff.php?action=newuser'>&gt; Back</a>";
        $h->endpage();
        exit;
    }
    $level = abs((int) $_POST['level']);
    $money = abs((int) $_POST['money']);
    $crystals = abs((int) $_POST['crystals']);
    $donator = abs((int) $_POST['donatordays']);
    $ulevel = abs((int) $_POST['user_level']);
    $strength = abs((int) $_POST['strength']);
    $agility = abs((int) $_POST['agility']);
    $guard = abs((int) $_POST['guard']);
    $labour = abs((int) $_POST['labour']);
    $iq = abs((int) $_POST['iq']);
    $energy = 10 + $level * 2;
    $brave = 3 + $level * 2;
    $hp = 50 + $level * 50;
    $username = mysql_real_escape_string(strip_tags(stripslashes($_POST['username'])), $c);
    $loginname = mysql_real_escape_string(strip_tags(stripslashes($_POST['login_name'])), $c);
    $password = stripslashes($_POST['userpass']);
    $salt = generate_pass_salt();
    $enc_psw = encode_password($password, $salt, false);
    $i_salt = mysql_real_escape_string($salt, $c);
    $i_encpsw = mysql_real_escape_string($enc_psw, $c);
    $email = mysql_real_escape_string(strip_tags(stripslashes($_POST['email'])), $c);
    $gender = isset($_POST['gender']) && in_array($_POST['gender'], array('Male', 'Female')) ? $_POST['gender'] : 'Male';
    mysql_query("INSERT INTO users (username, login_name, userpass, level, money, crystals, donatordays,\n             user_level, energy, maxenergy, will, maxwill, brave, maxbrave, hp, maxhp, location, gender,\n              signedup, email, bankmoney, pass_salt)\n              VALUES( '{$username}', '{$loginname}', '{$i_encpsw}', {$level},\n               {$money}, {$crystals}, {$donator}, {$ulevel}, {$energy}, {$energy}, 100, 100, {$brave}, {$brave}, {$hp}, {$hp}, 1,\n                '{$gender}', " . time() . ", '{$email}', -1, '{$i_salt}')", $c);
    $i = mysql_insert_id($c);
    mysql_query("INSERT INTO userstats VALUES({$i}, {$strength}, {$agility}, {$guard}, {$labour}, {$iq})", $c);
    print "User created!";
}
Example #22
0
    exec_query("UPDATE `{$p}globalRoles` SET `core-{$object}-otherGroup-view` = 1 WHERE `name` = 'Admin';");
}
exec_query("INSERT INTO `{$p}statuses` (`statusID` ,`status`) VALUES ('1', 'open'), ('2', 'review'), ('3', 'closed');");
// GROUPS
$defaultGroup = $kga['lang']['defaultGroup'];
$query = "INSERT INTO `{$p}groups` (`name`) VALUES ('admin');";
exec_query($query);
// MISC
$query = "INSERT INTO `{$p}activities` (`activityID`, `name`, `comment`) VALUES (1, '" . $kga['lang']['testActivity'] . "', '');";
exec_query($query);
$query = "INSERT INTO `{$p}customers` (`customerID`, `name`, `comment`, `company`, `vat`, `contact`, `street`, `zipcode`, `city`, `phone`, `fax`, `mobile`, `mail`, `homepage`, `timezone`) VALUES (1, '" . $kga['lang']['testCustomer'] . "', '', '', '', '', '', '', '', '', '', '', '',''," . quoteForSql($_REQUEST['timezone']) . ");";
exec_query($query);
$query = "INSERT INTO `{$p}projects` (`projectID`, `customerID`, `name`, `comment`) VALUES (1, 1, '" . $kga['lang']['testProject'] . "', '');";
exec_query($query);
// ADMIN USER
$adminPassword = encode_password('changeme');
$query = "INSERT INTO `{$p}users` (`userID`,`name`,`mail`,`password`, `globalRoleID` ) VALUES ('{$randomAdminID}','admin','*****@*****.**','{$adminPassword}',1);";
exec_query($query);
$query = "INSERT INTO `{$p}preferences` (`userID`,`option`,`value`) VALUES\n('{$randomAdminID}', 'ui.rowlimit', '100'),\n('{$randomAdminID}', 'ui.skin', 'standard'),\n('{$randomAdminID}', 'ui.showCommentsByDefault', '0'),\n('{$randomAdminID}', 'ui.hideOverlapLines', '1'),\n('{$randomAdminID}', 'ui.showTrackingNumber', '1'),\n('{$randomAdminID}', 'timezone', " . quoteForSql($_REQUEST['timezone']) . ");";
exec_query($query);
// Configuration
exec_query("INSERT INTO `{$p}configuration` (`option`, `value`) VALUES\n('version', '" . $kga['version'] . "'),\n('login', '1'),\n('adminmail', '*****@*****.**'),\n('loginTries', '3'),\n('loginBanTime', '900'),\n('revision', '" . $kga['revision'] . "'),\n('currency_name', 'Euro'),\n('currency_sign', '€'),\n('currency_first', '0'),\n('show_update_warn', '1'),\n('check_at_startup', '0'),\n('show_daySeperatorLines', '1'),\n('show_gabBreaks', '0'),\n('show_RecordAgain', '1'),\n('show_TrackingNr', '1'),\n('date_format_0', 'dd.mm.yy'),\n('date_format_1', '%d.%m.'),\n('date_format_2', '%d.%m.%Y'),\n('date_format_3', 'd.m.Y'),\n('table_time_format', '%H:%M'),\n('language', '" . $kga['language'] . "'),\n('roundPrecision', '0'),\n('decimalSeparator', ','),\n('durationWithSeconds', '0'),\n('exactSums', '0'),\n('defaultVat', '0'),\n('editLimit', '0'),\n('roundTimesheetEntries', '0'),\n('roundMinutes', '0'),\n('roundSeconds', '0'),\n('allowRoundDown', '0'),\n('defaultStatusID', '1')\n");
// CROSS TABLES
$query = "INSERT INTO `{$p}groups_users` (`groupID`, `userID`, `membershipRoleID`) VALUES (1, '" . $randomAdminID . "', 1);";
exec_query($query);
$query = "INSERT INTO `{$p}groups_activities` (`groupID`, `activityID`) VALUES (1, 1);";
exec_query($query);
$query = "INSERT INTO `{$p}groups_customers` (`groupID`, `customerID`) VALUES (1, 1);";
exec_query($query);
$query = "INSERT INTO `{$p}groups_projects` (`groupID`, `projectID`) VALUES (1, 1);";
exec_query($query);
Example #23
0
<?php

include "includes.php";
$text = "3";
echo $text . "<BR>";
$base64 = base64_encode($text);
echo $base64 . "<BR>";
$x = substr($base64, 0, 2);
echo $x . "<BR>";
$y = substr($base64, 2);
echo $y . "<BR>";
$z = encode_password($x, 1);
echo $z . "<BR>";
$result = $z . $y;
echo $result . "<BR>";
$base64 = base64_decode($result);
echo $base64 . "<BR>";
$text = $result;
echo $text . "<BR>";
$x = substr($text, 0, 2);
echo $x . "<BR>";
$y = substr($text, 2);
echo $y . "<BR>";
$z = encode_password($x, 1);
echo $z . "<BR>";
$a = $z . $y;
echo $a . "<BR>";
$base64 = base64_decode($a);
echo $base64 . "<BR>";
                 $tip2 = '图片转换失败,请稍后再试';
             }
         } else {
             $tip2 = '你上传的不是图片文件,只支持jpg/gif/png三种格式';
         }
     } else {
         $tip2 = '图片尚未上传或太大了';
     }
 } else {
     if ($action == 'chpw') {
         $password_new = addslashes(trim($_POST['password_new']));
         $password_again = addslashes(trim($_POST['password_again']));
         if ($password_new && $password_again) {
             if ($password_new == $password_again) {
                 $db_user2 = $DBS->fetch_one_array("SELECT `regtime` FROM `yunbbs_users` WHERE `id`='{$mid}'");
                 $new_md5pw = encode_password($password_new, $db_user2['regtime']);
                 if ($DBS->unbuffered_query("UPDATE yunbbs_users SET password='******' WHERE id='{$mid}'")) {
                     $tip3 = '密码已成功更改,请记住新密码';
                 } else {
                     $tip3 = '数据保存失败,请稍后再试';
                 }
             } else {
                 $tip3 = '新密码、重复新密码不一致';
             }
         } else {
             $tip3 = '请填写完整,新密码、重复新密码';
         }
     } else {
         if ($action == 'setflag') {
             $flag = intval(trim($_POST['flag']));
             if ($flag >= 0 && $flag <= 99) {
Example #25
0
     if ($username_validate !== true) {
         $error[] = $_CLASS['core_user']->get_lang($username_validate);
     }
     if (!$password || $password !== get_variable('password_confirm', 'POST', '')) {
         $error[] = $_CLASS['core_user']->get_lang('PASSWORD_ERROR');
     }
     if (!$email) {
         $error[] = $_CLASS['core_user']->get_lang('EMAIL_ERROR');
     } elseif (!check_email($email)) {
         $error[] = $_CLASS['core_user']->get_lang('EMAIL_INVALID');
     }
     if (!$tz || !in_array($tz, tz_array())) {
         $tz = null;
     }
     if (empty($error)) {
         $password = encode_password($password, $_CORE_CONFIG['user']['password_encoding']);
         if (!$password) {
             //do some admin contact thing here
             die('Try again later');
         }
         $data = array('username' => (string) $username, 'user_email' => (string) $email, 'user_group' => (int) $coppa ? 3 : 2, 'user_reg_date' => (int) $_CLASS['core_user']->time, 'user_timezone' => $tz, 'user_password' => (string) $password, 'user_password_encoding' => (string) $_CORE_CONFIG['user']['password_encoding'], 'user_lang' => $lang == $_CORE_CONFIG['global']['default_lang'] ? null : $lang, 'user_type' => USER_NORMAL, 'user_status' => STATUS_ACTIVE, 'user_act_key' => null, 'user_ip' => '');
         user_add($data);
         set_core_config('user', 'newest_user_id', $data['user_id'], false);
         set_core_config('user', 'newest_username', $data['username'], false);
         set_core_config('user', 'total_users', $_CORE_CONFIG['user']['total_users'] + 1);
         trigger_error('USER_ADDED');
     }
 }
 $_CLASS['core_template']->assign_array(array('COPPA' => isset($coppa) ? $coppa : false, 'EMAIL' => isset($email) ? $email : '', 'ERROR' => empty($error) ? false : implode('<br />', $error), 'PASSWORD' => isset($password) ? $password : '', 'USERNAME' => isset($username) ? $username : '', 'SELECT_TZ' => select_tz(isset($tz) ? $tz : $_CORE_CONFIG['global']['default_timezone']), 'S_ACTION' => generate_link('users&amp;mode=add_user', array('admin' => true))));
 $_CLASS['core_display']->display(false, 'admin/users/add.html');
 break;
Example #26
0
<?php

switch ($do) {
    case "logout":
        ext::synlogout();
        @header('Location: index.php');
        break;
    case "ajax_login":
        /* RECEIVE VALUE */
        $username = isset($_GET['username']) ? $_GET['username'] : '';
        $password = isset($_GET['password']) ? $_GET['password'] : '';
        $api_client = isset($_GET['api_client']) ? $_GET['api_client'] : '';
        $check_username = DB::result_first("SELECT user_id FROM " . DB::table('users') . " where user_name ='" . $username . "' AND isdelete = 0 LIMIT 1");
        $user_id = $check_user_pass = DB::result_first("SELECT user_id FROM " . DB::table('users') . " where user_name ='" . $username . "' and user_password ='******' AND isdelete = 0 LIMIT 1");
        $validateError = lang('core', 'username_right');
        $validateSuccess = lang('core', 'username_wrong');
        /* RETURN VALUE */
        $arrayToJs = array();
        $arrayToJs[0] = array();
        $arrayToJs[1] = array();
        if (!empty($check_username)) {
            // validate??
            $arrayToJs[0][0] = 'username';
            $arrayToJs[0][1] = true;
            // RETURN TRUE
            $arrayToJs[0][2] = lang('core', 'username_effective');
            // RETURN ARRAY WITH success
        } else {
            $arrayToJs[0][0] = 'username';
            $arrayToJs[0][1] = false;
            $arrayToJs[0][2] = lang('core', 'username_invalid');
Example #27
0
$table = "xuser_pegawai";
$field = array("username", "password", "reset");
$p_next = 55;
if (@$_POST['xuser']) {
    extract($_POST);
    if ($oldpassword != "") {
        if ($password != "") {
            if ($retrypassword != "") {
                $ocheck = xuser("password", "username = '******'");
                $check = mysql_fetch_array($ocheck);
                $len = strlen($oldpassword);
                if (md5($oldpassword) == decode_password($check['password'], $len)) {
                    if ($password == $retrypassword) {
                        $username = $susername;
                        $len = strlen($password);
                        $password = encode_password(md5($password), $len);
                        $reset = "0";
                        foreach ($field as $k => $val) {
                            $value[$k] = ${$val};
                        }
                        $sql = sql_update($table, $field, $value);
                        $sql = str_replace("''", "NULL", $sql);
                        $query = mysql_query($sql);
                        if ($query == 1) {
                            $msg = "Ubah kata sandi berhasil. Id = " . $susername . ".";
                            update_log($msg, $table, $susername, 1);
                            $_SESSION['errmsg'] = $msg;
                        } else {
                            $msg = "Ubah kata sandi gagal. Error = " . mysql_error() . ".";
                            update_log($msg, $table, $susername, 0);
                            $_SESSION['errmsg'] = $msg;
switch ($this->mode) {
    case 'reg_details':
        if ($submit) {
            $password = get_variable('new_password', 'POST', false);
            $cur_password = get_variable('cur_password', 'POST', false);
            if (!$cur_password || encode_password($cur_password, $_CLASS['core_user']->data['user_password_encoding']) !== $_CLASS['core_user']->data['user_password']) {
                $error[] = $_CLASS['core_user']->get_lang('CURRENT_PASSWORD_INVALID');
            }
            if (!$password || $password !== get_variable('password_confirm', 'POST', '')) {
                $error[] = $_CLASS['core_user']->get_lang('PASSWORD_MISMATCH');
            }
            if (empty($error) && $password === $cur_password) {
                $error[] = $_CLASS['core_user']->get_lang('PASSWORD_SAME');
            }
            if (empty($error)) {
                $array = array('user_password' => encode_password($password, $_CLASS['core_user']->data['user_password_encoding']));
                $sql = 'UPDATE ' . CORE_USERS_TABLE . ' 
					SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $array) . ' 
					WHERE user_id = ' . $_CLASS['core_user']->data['user_id'];
                $_CLASS['core_db']->sql_query($sql);
            }
        }
        $_CLASS['core_template']->assign_array(array('ERROR' => empty($error) ? '' : implode('<br />', $error), 'USERNAME' => $_CLASS['core_user']->data['username'], 'EMAIL' => $_CLASS['core_user']->data['user_email'], 'CONFIRM_EMAIL' => '', 'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '', 'NEW_PASSWORD' => isset($new_password) ? $new_password : '', 'CUR_PASSWORD' => '', 'L_USERNAME_EXPLAIN' => '', 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($_CLASS['core_user']->lang['CHANGE_PASSWORD_EXPLAIN'], $_CORE_CONFIG['user']['min_pass_chars'], $_CORE_CONFIG['user']['max_pass_chars']), 'S_FORCE_PASSWORD' => false, 'S_CHANGE_USERNAME' => false, 'S_CHANGE_EMAIL' => false, 'S_CHANGE_PASSWORD' => true));
        break;
    case 'signature':
        require_once SITE_FILE_ROOT . 'includes/forums/functions_posting.php';
        // Generate smiley listing
        generate_smilies('inline', 0);
        $enable_html = true ? !isset($_POST['disable_html']) : false;
        $enable_bbcode = true ? !isset($_POST['disable_bbcode']) : false;
        $enable_smilies = true ? !isset($_POST['disable_smilies']) : false;
Example #29
0
                 }
             } else {
                 $errors[] = '名字 太长 或 太短 或 包含非法字符';
             }
         } else {
             $errors[] = '用户名 或 密码 太长了';
         }
     } else {
         $errors[] = '密码、重复密码 输入不一致';
     }
 } else {
     $errors[] = '用户名、密码、重复密码、验证码 必填';
 }
 ////
 if (!$errors) {
     $pwmd5 = encode_password($pw, $timestamp);
     if ($options['register_review']) {
         $flag = 1;
     } else {
         $flag = 5;
     }
     $DBS->query("INSERT INTO yunbbs_users (id,name,flag,password,regtime) VALUES (null,'{$name}', {$flag}, '{$pwmd5}', {$timestamp})");
     $new_uid = $DBS->insert_id();
     if ($new_uid == 1) {
         $DBS->unbuffered_query("UPDATE yunbbs_users SET flag = '99' WHERE id='1'");
     }
     $cache->clear('site_infos');
     //设置cookie
     $db_ucode = md5($new_uid . $pwmd5 . $timestamp . '00');
     $cur_uid = $new_uid;
     setcookie("cur_uid", $cur_uid, $timestamp + 86400 * 365, '/');
    function ucp_profile($id, $mode)
    {
        global $config, $_CLASS, $site_file_root, $_CORE_CONFIG;
        $preview = isset($_POST['preview']);
        $submit = isset($_POST['submit']);
        $module_link = generate_link("Control_Panel&amp;i={$id}&amp;mode={$mode}");
        $error = $data = array();
        $s_hidden_fields = '';
        switch ($mode) {
            case 'reg_details':
                if ($submit) {
                    $password = get_variable('new_password', 'POST', false);
                    $cur_password = get_variable('cur_password', 'POST', false);
                    if (!$cur_password || encode_password($cur_password, $_CLASS['core_user']->data['user_password_encoding']) !== $_CLASS['core_user']->data['user_password']) {
                        $error[] = $_CLASS['core_user']->get_lang('CURRENT_PASSWORD_INVALID');
                    }
                    if (!$password || $password !== get_variable('password_confirm', 'POST', '')) {
                        $error[] = $_CLASS['core_user']->get_lang('PASSWORD_MISMATCH');
                    }
                    if (empty($error) && $password === $cur_password) {
                        $error[] = $_CLASS['core_user']->get_lang('PASSWORD_SAME');
                    }
                    if (empty($error)) {
                        $array = array('user_password' => encode_password($password, $_CLASS['core_user']->data['user_password_encoding']));
                        $sql = 'UPDATE ' . USERS_TABLE . ' 
							SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $array) . ' 
							WHERE user_id = ' . $_CLASS['core_user']->data['user_id'];
                        $_CLASS['core_db']->sql_query($sql);
                    }
                }
                $_CLASS['core_template']->assign_array(array('ERROR' => empty($error) ? '' : implode('<br />', $error), 'USERNAME' => $_CLASS['core_user']->data['username'], 'EMAIL' => $_CLASS['core_user']->data['user_email'], 'CONFIRM_EMAIL' => '', 'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '', 'NEW_PASSWORD' => isset($new_password) ? $new_password : '', 'CUR_PASSWORD' => '', 'L_USERNAME_EXPLAIN' => '', 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($_CLASS['core_user']->lang['CHANGE_PASSWORD_EXPLAIN'], $_CORE_CONFIG['user']['min_pass_chars'], $_CORE_CONFIG['user']['max_pass_chars']), 'S_FORCE_PASSWORD' => false, 'S_CHANGE_USERNAME' => false, 'S_CHANGE_EMAIL' => false, 'S_CHANGE_PASSWORD' => true));
                break;
            case 'profile_info':
                $error = array();
                $this_year = gmdate('Y', time());
                if ($submit) {
                    $icq = get_variable('icq', 'POST', null);
                    $aim = get_variable('aim', 'POST', null);
                    $msn = get_variable('msn', 'POST', null);
                    $yim = get_variable('yim', 'POST', null);
                    $jabber = get_variable('jabber', 'POST', null);
                    //$google = get_variable('google', 'POST', null);
                    $website = get_variable('website', 'POST', null);
                    $location = get_variable('location', 'POST', null);
                    $occupation = get_variable('occupation', 'POST', null);
                    $interests = get_variable('interests', 'POST', null);
                    $bday_day = get_variable('bday_day', 'POST', false);
                    $bday_month = get_variable('bday_month', 'POST', false);
                    $bday_year = get_variable('bday_year', 'POST', false);
                    if ($bday_day || $bday_month || $bday_year) {
                        if ($bday_day < 1 || $bday_day > 31 || $bday_month < 1 || $bday_month > 12 || $bday_year < $this_year - 100 || $bday_month > $this_year) {
                            $error[] = $_CLASS['core_user']->get_lang('BIRTHDAY_ERROR');
                        }
                    }
                    if (mb_strlen($interests) > 255) {
                        $error[] = $_CLASS['core_user']->get_lang('INTEREST_LONG_ERROR');
                    }
                    if (mb_strlen($occupation) > 255) {
                        $error[] = $_CLASS['core_user']->get_lang('OCCUPATION_LONG_ERROR');
                    }
                    if (empty($error)) {
                        $sql_ary = array('user_icq' => $icq, 'user_aim' => $aim, 'user_msnm' => $msn, 'user_yim' => $yim, 'user_jabber' => $jabber, 'user_website' => $website, 'user_from' => $location, 'user_occ' => $occupation, 'user_interests' => $interests, 'user_birthday' => $bday_day ? sprintf('%2d-%2d-%4d', $bday_day, $bday_month, $bday_year) : null);
                        $sql = 'UPDATE ' . USERS_TABLE . ' 
							SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $sql_ary) . '
							WHERE user_id = ' . $_CLASS['core_user']->data['user_id'];
                        $_CLASS['core_db']->sql_query($sql);
                        $_CLASS['core_display']->meta_refresh(3, $module_link);
                        $message = $_CLASS['core_user']->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_UCP'], '<a href="' . $module_link . '">', '</a>');
                        trigger_error($message);
                    }
                }
                if (!isset($bday_day)) {
                    if ($_CLASS['core_user']->data['user_birthday']) {
                        list($bday_day, $bday_month, $bday_year) = explode('-', $_CLASS['core_user']->data['user_birthday']);
                    } else {
                        $bday_day = $bday_month = $bday_year = '';
                    }
                }
                $s_birthday_day_options = '<option value="0"' . (!$bday_day ? ' selected="selected"' : '') . '>--</option>';
                for ($i = 1; $i < 32; $i++) {
                    $selected = $i == $bday_day ? ' selected="selected"' : '';
                    $s_birthday_day_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>";
                }
                $s_birthday_month_options = '<option value="0"' . (!$bday_month ? ' selected="selected"' : '') . '>--</option>';
                for ($i = 1; $i < 13; $i++) {
                    $selected = $i == $bday_month ? ' selected="selected"' : '';
                    $s_birthday_month_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>";
                }
                $s_birthday_year_options = '';
                $s_birthday_year_options = '<option value="0"' . (!$bday_year ? ' selected="selected"' : '') . '>--</option>';
                $i = $this_year - 100;
                for ($i; $i < $this_year; $i++) {
                    $selected = $i == $bday_year ? ' selected="selected"' : '';
                    $s_birthday_year_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>";
                }
                $_CLASS['core_template']->assign_array(array('ERROR' => empty($error) ? '' : implode('<br />', $error), 'ICQ' => isset($icq) ? $icq : $_CLASS['core_user']->data['user_icq'], 'YIM' => isset($yim) ? $yim : $_CLASS['core_user']->data['user_yim'], 'AIM' => isset($aim) ? $aim : $_CLASS['core_user']->data['user_aim'], 'MSN' => isset($msn) ? $msn : $_CLASS['core_user']->data['user_msnm'], 'JABBER' => isset($jabber) ? $jabber : $_CLASS['core_user']->data['user_jabber'], 'WEBSITE' => isset($website) ? $website : $_CLASS['core_user']->data['user_website'], 'LOCATION' => isset($location) ? $location : $_CLASS['core_user']->data['user_from'], 'OCCUPATION' => isset($occupation) ? $occupation : $_CLASS['core_user']->data['user_occ'], 'INTERESTS' => isset($interests) ? $interests : $_CLASS['core_user']->data['user_interests'], 'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options, 'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options, 'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options));
                break;
            case 'signature':
                require $site_file_root . 'includes/forums/functions_posting.php';
                // Generate smiley listing
                generate_smilies('inline', 0);
                $enable_html = true ? !isset($_POST['disable_html']) : false;
                $enable_bbcode = true ? !isset($_POST['disable_bbcode']) : false;
                $enable_smilies = true ? !isset($_POST['disable_smilies']) : false;
                $enable_urls = !isset($_POST['disable_magic_url']);
                $signature = get_variable('signature', 'POST', $_CLASS['core_user']->data['user_sig']);
                $signature_preview = '';
                $sql_array = false;
                if ($submit || $preview) {
                    require_once $site_file_root . 'includes/forums/message_parser.php';
                    if ($signature) {
                        $message_parser = new parse_message($signature);
                        // Allowing Quote BBCode
                        $message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, true, 'sig');
                        if (!empty($message_parser->warn_msg)) {
                            $error[] = implode('<br />', $message_parser->warn_msg);
                        }
                    }
                    if (empty($error) && $submit) {
                        if ($signature && !empty($message_parser->message)) {
                            $sql_array = array('user_sig' => (string) $message_parser->message, 'user_sig_bbcode_uid' => (string) $message_parser->bbcode_uid, 'user_sig_bbcode_bitfield' => (int) $message_parser->bbcode_bitfield);
                        } else {
                            $sql_array = array('user_sig' => (string) '', 'user_sig_bbcode_uid' => (string) '', 'user_sig_bbcode_bitfield' => (int) 0);
                        }
                        $sql = 'UPDATE ' . USERS_TABLE . ' 
							SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $sql_array) . ' 
							WHERE user_id = ' . $_CLASS['core_user']->data['user_id'];
                        $_CLASS['core_db']->sql_query($sql);
                        $message = $_CLASS['core_user']->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_UCP'], '<a href="' . $module_link . '">', '</a>');
                        trigger_error($message);
                    }
                }
                if ($preview && $signature) {
                    // Now parse it for displaying
                    $signature_preview = $message_parser->format_display($enable_html, $enable_bbcode, $enable_urls, $enable_smilies, false);
                    unset($message_parser);
                }
                if ($signature) {
                    decode_message($signature, $_CLASS['core_user']->data['user_sig_bbcode_uid']);
                }
                $_CLASS['core_template']->assign_array(array('ERROR' => empty($error) ? '' : implode('<br />', $error), 'SIGNATURE' => $signature, 'SIGNATURE_PREVIEW' => $signature_preview, 'S_HTML_CHECKED' => $enable_html ? '' : 'checked="checked"', 'S_BBCODE_CHECKED' => $enable_bbcode ? '' : 'checked="checked"', 'S_SMILIES_CHECKED' => $enable_smilies ? '' : 'checked="checked"', 'S_MAGIC_URL_CHECKED' => $enable_urls ? '' : 'checked="checked"', 'HTML_STATUS' => true ? $_CLASS['core_user']->get_lang('HTML_IS_ON') : $_CLASS['core_user']->get_lang('HTML_IS_OFF'), 'BBCODE_STATUS' => true ? sprintf($_CLASS['core_user']->get_lang('BBCODE_IS_ON'), '<a href="' . generate_link('Forums&amp;file=faq&amp;mode=bbcode') . '" target="_phpbbcode">', '</a>') : sprintf($_CLASS['core_user']->get_lang('BBCODE_IS_OFF'), '<a href="' . generate_link('Forums&amp;file=faq&amp;mode=bbcode') . '" target="_phpbbcode">', '</a>'), 'SMILIES_STATUS' => true ? $_CLASS['core_user']->get_lang('SMILIES_ARE_ON') : $_CLASS['core_user']->get_lang('SMILIES_ARE_OFF'), 'IMG_STATUS' => true ? $_CLASS['core_user']->get_lang('IMAGES_ARE_ON') : $_CLASS['core_user']->get_lang('IMAGES_ARE_OFF'), 'FLASH_STATUS' => true ? $_CLASS['core_user']->get_lang('FLASH_IS_ON') : $_CLASS['core_user']->get_lang('FLASH_IS_OFF'), 'L_SIGNATURE_EXPLAIN' => sprintf($_CLASS['core_user']->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']), 'S_HTML_ALLOWED' => true, 'S_BBCODE_ALLOWED' => true, 'S_SMILIES_ALLOWED' => true));
                break;
            case 'avatar':
                $display_gallery = isset($_POST['display_gallery']);
                $folder = isset($_POST['category']) ? str_replace(array('../', '..\\', './', '.\\'), '', $_POST['category']) : false;
                $delete = isset($_POST['delete']);
                // Can we upload?
                $can_upload = file_exists($config['avatar_path']) && is_writeable($config['avatar_path']) && @ini_get('file_uploads') ? true : false;
                if ($submit) {
                    $gallery_avatar = isset($_POST['avatarselect']) ? str_replace(array('../', '..\\', './', '.\\'), '', $_POST['avatarselect']) : false;
                    if ($config['allow_avatar_local'] && $gallery_avatar) {
                        if (!file_exists($config['avatar_gallery_path'] . '/' . $gallery_avatar)) {
                            $error[] = 'BAD_AVATAR';
                        } else {
                            $type = AVATAR_GALLERY;
                            $filename = $gallery_avatar;
                            list($width, $height) = getimagesize($config['avatar_gallery_path'] . '/' . $gallery_avatar);
                        }
                    } else {
                        $data['uploadurl'] = get_variable('uploadurl', 'POST', false);
                        $data['remotelink'] = get_variable('remotelink', 'POST', '');
                        $data['width'] = get_variable('width', 'POST', '');
                        $data['height'] = get_variable('height', 'POST', '');
                        $data['user_id'] = $_CLASS['core_user']->data['user_id'];
                        if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload) {
                            list($type, $filename, $width, $height) = avatar_upload($data, $error);
                        } elseif ($data['remotelink'] && $config['allow_avatar_remote']) {
                            list($type, $filename, $width, $height) = avatar_remote($data, $error);
                        } elseif ($delete) {
                            $filename = '';
                            $type = $width = $height = 0;
                        } else {
                            $error[] = 'IM_LOST';
                        }
                    }
                    if (empty($error)) {
                        $sql_ary = array('user_avatar' => (string) $filename, 'user_avatar_type' => (int) $type, 'user_avatar_width' => (int) $width, 'user_avatar_height' => (int) $height);
                        $sql = 'UPDATE ' . USERS_TABLE . ' 
							SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $sql_ary) . ' 
							WHERE user_id = ' . $_CLASS['core_user']->data['user_id'];
                        $_CLASS['core_db']->sql_query($sql);
                        // Delete old avatar if present
                        if ($_CLASS['core_user']->data['user_avatar'] && $filename != $_CLASS['core_user']->data['user_avatar'] && $_CLASS['core_user']->data['user_avatar_type'] != AVATAR_GALLERY) {
                            avatar_delete($_CLASS['core_user']->data['user_avatar']);
                        }
                        $_CLASS['core_display']->meta_refresh(3, $module_link);
                        $message = $_CLASS['core_user']->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_UCP'], '<a href="' . $module_link . '">', '</a>');
                        trigger_error($message);
                    }
                    $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$_CLASS['core_user']->lang['\\1'])) ? \$_CLASS['core_user']->lang['\\1'] : '\\1'", $error);
                }
                // Generate users avatar
                $avatar_img = '';
                if ($_CLASS['core_user']->data['user_avatar']) {
                    switch ($_CLASS['core_user']->data['user_avatar_type']) {
                        case AVATAR_UPLOAD:
                            $avatar_img = $config['avatar_path'] . '/';
                            break;
                        case AVATAR_GALLERY:
                            $avatar_img = $config['avatar_gallery_path'] . '/';
                            break;
                    }
                    $avatar_img .= $_CLASS['core_user']->data['user_avatar'];
                    $avatar_img = '<img src="' . $avatar_img . '" width="' . $_CLASS['core_user']->data['user_avatar_width'] . '" height="' . $_CLASS['core_user']->data['user_avatar_height'] . '" border="0" alt="" />';
                }
                $_CLASS['core_template']->assign_array(array('ERROR' => empty($error) ? '' : implode('<br />', $error), 'AVATAR' => $avatar_img, 'AVATAR_SIZE' => $config['avatar_filesize'], 'S_FORM_ENCTYPE' => $can_upload ? ' enctype="multipart/form-data"' : '', 'L_AVATAR_EXPLAIN' => sprintf($_CLASS['core_user']->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024))));
                if ($display_gallery && $config['allow_avatar_local']) {
                    require_once $site_file_root . 'includes/functions_user.php';
                    $avatar_list = avatar_gallery($folder, $folders, $error);
                    array_unshift($folders, '');
                    $s_category_options = '';
                    foreach ($folders as $cat) {
                        $s_category_options .= '<option value="' . $cat . '"' . ($cat == $folder ? ' selected="selected"' : '') . '>' . ($cat ? $cat : '--') . '</option>';
                    }
                    $_CLASS['core_template']->assign_array(array('S_DISPLAY_GALLERY' => true, 'S_CAT_OPTIONS' => $s_category_options));
                    foreach ($avatar_list as $avatar) {
                        $_CLASS['core_template']->assign_vars_array('avatar', array('AVATAR_IMAGE' => $config['avatar_gallery_path'] . '/' . $avatar['file'], 'AVATAR_NAME' => $avatar['name'], 'AVATAR_FILE' => $avatar['file']));
                    }
                    unset($avatar_list);
                } else {
                    $_CLASS['core_template']->assign_array(array('AVATAR' => $avatar_img, 'AVATAR_SIZE' => $config['avatar_filesize'], 'WIDTH' => $_CLASS['core_user']->data['user_avatar_width'], 'HEIGHT' => $_CLASS['core_user']->data['user_avatar_height'], 'S_CAN_UPLOAD' => $can_upload, 'S_LINK_AVATAR' => $config['allow_avatar_remote'], 'S_GALLERY_AVATAR' => $config['allow_avatar_local']));
                }
                break;
        }
        $_CLASS['core_template']->assign_array(array('L_TITLE' => $_CLASS['core_user']->lang['UCP_PROFILE_' . strtoupper($mode)], 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_UCP_ACTION' => $module_link));
        $this->display($_CLASS['core_user']->lang['UCP_PROFILE'], 'ucp_profile_' . $mode . '.html');
    }