/**
 * Ask the backend whether a web user's credentials are valid.
 *
 * The password is hashed locally with encode_password() before it leaves the
 * process; the backend receives {"username": ..., "password": <hash>} as JSON
 * and its reply is reduced to a boolean by response_status().
 *
 * @param string $username
 * @param string $pass plain-text password as entered by the user
 * @return bool whatever response_status() reports for the backend reply
 */
function verify_webuser($username, $pass)
{
    $payload = json_encode(array(
        "username" => $username,
        "password" => encode_password($pass),
    ));

    // Endpoint and device token are fixed by the API_BASE_URL / DEVICE_CODE constants.
    $endpoint = API_BASE_URL . "verifyWebUser.token=" . DEVICE_CODE;
    $reply = rest_post($endpoint, $payload);

    return response_status($reply);
}
/**
 * Look a user up by name and check the submitted password against the stored hash.
 *
 * @param string $user_name
 * @param string $user_password plain-text password as submitted
 * @return int|false the user's ID when the password matches, false otherwise
 *                   (the error strings assigned to $status never reach the caller — see below)
 */
function user_auth($user_name, $user_password)
{
    global $_CLASS;

    // NOTE: the SQL literal below is corrupted in this copy ('******' stands in for the
    // original concatenation of the escaped username); it is reproduced as found.
    $sql = 'SELECT user_id, username, user_password, user_password_encoding, user_status FROM ' . USERS_TABLE . " WHERE username = '******'core_db']->escape($user_name) . "'";
    $result = $_CLASS['core_db']->query($sql);
    $status = false;

    if ($row = $_CLASS['core_db']->fetch_row_assoc($result)) {
        // Loose == on two hash strings: numeric-looking hashes ("0e..." forms) compare
        // equal under ==; a strict comparison (or hash_equals()) would be preferable here.
        if (encode_password($user_password, $row['user_password_encoding']) == $row['user_password']) {
            if ($row['user_status'] != STATUS_ACTIVE) {
                // $status is assigned here but never returned: the user_id is returned on
                // the next statement regardless, so disabled / unactivated accounts are not
                // rejected by this function. Presumably the intent was to return $status in
                // that case — confirm with the callers before changing the return type.
                $status = $row['user_status'] == STATUS_DISABLED ? 'ACTIVE_ERROR' : 'UNACTIVATED_ERROR';
            }
            // free_result() below is skipped on this path.
            return (int) $row['user_id'];
        }
    }

    $_CLASS['core_db']->free_result($result);
    return $status;
}
$loginKey = random_code(30); setcookie('kimai_key', $loginKey); setcookie('kimai_user', $userData['name']); $database->user_loginSetKey($userId, $loginKey); header('Location: core/kimai.php'); } // ================================================================= // = processing login and displaying either login screen or errors = // ================================================================= switch ($_REQUEST['a']) { case 'checklogin': $is_customer = $database->is_customer_name($name); Kimai_Logger::logfile('login: '******' as customer' : ' as user')); if ($is_customer) { // perform login of customer $passCrypt = encode_password($password); $customerId = $database->customer_nameToID($name); $data = $database->customer_get_data($customerId); // TODO: add BAN support if ($data['password'] == $passCrypt && $name != '' && $passCrypt != '') { $loginKey = random_code(30); setcookie('kimai_key', $loginKey); setcookie('kimai_user', 'customer_' . $name); $database->customer_loginSetKey($customerId, $loginKey); header('Location: core/kimai.php'); } else { setcookie('kimai_key', '0'); setcookie('kimai_user', '0'); $view->assign('headline', $kga['lang']['accessDenied']); $view->assign('message', $kga['lang']['wrongPass']); $view->assign('refresh', '<meta http-equiv="refresh" content="5;URL=index.php">');
if (empty($error)) { require_once SITE_FILE_ROOT . 'includes/tables.php'; require_once SITE_FILE_ROOT . 'includes/cache/cache.php'; require_once SITE_FILE_ROOT . 'includes/cache/cache_' . $acm_type . '.php'; load_class(false, 'core_cache', 'cache_' . $acm_type); set_core_config('global', 'site_name', $site_name, false); set_core_config('server', 'site_domain', $site_domain, false); set_core_config('server', 'site_path', $site_path, false); set_core_config('server', 'site_port', $site_port, false); set_core_config('email', 'site_email', $email, false); set_core_config('server', 'cookie_domain', $cookie_domain, false); set_core_config('server', 'cookie_path', $cookie_path, false); set_core_config('server', 'cookie_name', $cookie_name, false); set_core_config('server', 'site_secure', 0, false); set_core_config('user', 'newest_username', $username, true); $user_update = array('username' => $username, 'user_password' => encode_password($password, 'md5'), 'user_password_encoding' => 'md5', 'user_email' => $email); $_CLASS['core_db']->query('UPDATE ' . USERS_TABLE . ' SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $user_update) . ' WHERE user_id = 2'); $_CLASS['core_template']->assign_array(array('admin_link' => generate_link(false, array('full' => true, 'sid' => false, 'admin' => true)), 'username' => $username)); $_CLASS['core_template']->display('installer/complete.html'); script_close(); } $_CLASS['core_template']->assign_array(array('site_name' => $site_name, 'site_domain' => $site_domain, 'site_path' => $site_path, 'site_port' => $site_port, 'cookie_domain' => $cookie_domain, 'cookie_path' => $cookie_path, 'cookie_name' => $cookie_name, 'username' => $username, 'password' => $password, 'password_confirm' => $password_confirm, 'email' => $email, 'email_confirm' => $email_confirm, 'error' => empty($error) ? 
false : implode('<br/>', $error), 'config_content' => $config_content)); $_CLASS['core_template']->display('installer/stage3.html'); script_close(); } if ($stage === 3) { if ($db_layer && in_array($db_layer, array_keys($database_array))) { load_class(SITE_FILE_ROOT . 'includes/db/' . $db_layer . '.php', 'core_db', 'db_' . $db_layer); $site_db = array(); $site_db['type'] = $db_layer; $site_db['persistent'] = false;
break; case "notyet": print_logon_form(); break; default: http_response_code(400); exit; } } else { if ($_SERVER['REQUEST_METHOD'] === 'POST') { $uamip = $_POST['uamip']; $uamport = $_POST['uamport']; $username = $_POST['username']; $password = $_POST['password']; $challenge = $_POST['challenge']; $encoded_password = encode_password($password, $challenge, $uam_secret); $redirect_url = "http://{$uamip}:{$uamport}/logon" . "?username="******"&password="******"&redir=" . urlencode("http://myportal.example.com"); session_start(); if (isset($_POST["userurl"])) { $_SESSION["userurl"] = $_POST["userurl"]; } else { unset($_SESSION["userurl"]); } session_write_close(); header("Location: {$redirect_url}", TRUE, 302); exit; } else { http_response_code(400); exit;
/**
 * Reverse the application's home-grown text encoding.
 *
 * The first two characters of $text are passed through encode_password(), the rest is
 * kept verbatim, the concatenation is base64-decoded and every occurrence of the
 * per-session key (stored under 'kunci_Kh41r4' in $_SESSION) is stripped from the
 * result. This is an obfuscation step built on str_replace, not cryptographic
 * decryption: no integrity check is performed and the key is removed wherever it
 * appears in the decoded text.
 *
 * @param string $text encoded input
 * @return string decoded text with the session key removed
 */
function dekripsi($text)
{
    @session_start();
    $sessionName = "Kh41r4";
    $keyIndex = 'kunci_' . $sessionName;

    // Re-encode the two-character prefix, keep the remainder as-is.
    $prefix = encode_password(substr($text, 0, 2), 1);
    $rest = substr($text, 2);
    $decoded = base64_decode($prefix . $rest);

    // The @ mirrors the original: a missing session key yields null, and str_replace
    // then returns the decoded text unchanged.
    $sessionKey = @$_SESSION[$keyIndex];

    return str_replace($sessionKey, "", $decoded);
}
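/**
 * Control-panel registration: shows the agreement / COPPA page, validates the
 * submitted form, creates the account and sends the welcome mail, or re-renders the
 * form with errors.
 *
 * Side effects: reads $_REQUEST / $_POST, writes template variables on
 * $_CLASS['core_template'], stores 'confirmation_code' and 'reg_attempts' in the
 * session, inserts the user via user_add(), sends mail and ends the request through
 * trigger_error() / script_close() on several paths.
 *
 * @param mixed $id module id (unused here)
 * @param string $mode module mode (unused here)
 * @return void
 */
function ucp_register($id, $mode)
{
    global $site_file_root, $config, $_CLASS, $_CORE_CONFIG;

    $coppa = isset($_REQUEST['coppa']) ? (int) $_REQUEST['coppa'] : null;
    $submit = isset($_POST['submit']);

    // Registration is off entirely, or it needs an activation mail that cannot be sent.
    if ($_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_DISABLE || ($coppa || $_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_SELF || $_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_ADMIN) && !$_CORE_CONFIG['email']['email_enable']) {
        trigger_error('UCP_REGISTER_DISABLE');
    }

    $_CLASS['core_template']->assign('S_UCP_ACTION', generate_link('Control_Panel&mode=register'));
    $error = $data = array();
    $s_hidden_fields = '';

    // Step 1: the agreement page (with the COPPA age question when enabled).
    if (!isset($_POST['agreed'])) {
        if ($_CORE_CONFIG['user']['coppa_enable'] && is_null($coppa)) {
            $now = explode(':', gmdate('m:j:Y'));
            $coppa_birthday = $_CLASS['core_user']->format_date(mktime(12, 0, 0, $now[0], $now[1], $now[2] - 13), 'D M d, Y');
            $_CLASS['core_template']->assign_array(array(
                'L_COPPA_NO' => sprintf($_CLASS['core_user']->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
                'L_COPPA_YES' => sprintf($_CLASS['core_user']->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),
                'U_COPPA_NO' => generate_link('Control_Panel&mode=register&coppa=0'),
                'U_COPPA_YES' => generate_link('Control_Panel&mode=register&coppa=1'),
                'S_SHOW_COPPA' => true,
                'S_HIDDEN_FIELDS' => $s_hidden_fields,
                'S_REGISTER_ACTION' => generate_link('Control_Panel&mode=register'),
            ));
        } else {
            $s_hidden_fields .= '<input type="hidden" name="coppa" value="' . $coppa . '" />';
            $_CLASS['core_template']->assign_array(array(
                'S_SHOW_COPPA' => false,
                'S_HIDDEN_FIELDS' => $s_hidden_fields,
                'S_REGISTER_ACTION' => generate_link('Control_Panel&mode=register'),
            ));
        }
        $this->display($_CLASS['core_user']->lang['REGISTER'], 'ucp_agreement.html');
        script_close();
    }

    // Step 2: validate the submitted form and create the account.
    if ($submit) {
        require_once $site_file_root . 'includes/functions_user.php';
        $error = array();
        $username = get_variable('username', 'POST', false);
        $password = get_variable('password', 'POST', false);
        $email = get_variable('email', 'POST', false);
        $email_confirm = get_variable('email_confirm', 'POST', '');
        //when we add this make sure to confirm that it's one of the installed langs
        $lang = $_CORE_CONFIG['global']['default_lang'];
        $tz = get_variable('tz', 'POST', false);

        // A newline anywhere in the name is rejected; the former truthiness test missed
        // a newline at offset 0.
        if (strpos($username, "\n") !== false) {
            die;
        }

        $username_validate = validate_username($username);
        if ($username_validate !== true) {
            $error[] = $_CLASS['core_user']->get_lang($username_validate);
        }
        if (!$password || $password !== get_variable('password_confirm', 'POST', '')) {
            $error[] = $_CLASS['core_user']->get_lang('PASSWORD_ERROR');
        }
        if (!$email || $email !== $email_confirm) {
            $error[] = $_CLASS['core_user']->get_lang('EMAIL_ERROR');
        } elseif (!check_email($email)) {
            $error[] = $_CLASS['core_user']->get_lang('EMAIL_INVALID');
        }
        if (!$tz || !in_array($tz, tz_array())) {
            $tz = null;
        }

        if ($_CORE_CONFIG['user']['enable_confirm']) {
            $confirmation_code = $_CLASS['core_user']->session_data_get('confirmation_code');
            $confirm_code = trim(get_variable('confirm_code', 'POST', false));
            // Compare as strings: a loose != treats numeric-looking codes ("1e3" vs "1000")
            // as equal.
            if (!$confirm_code || !$confirmation_code || (string) $confirm_code !== (string) $confirmation_code) {
                $error[] = $_CLASS['core_user']->get_lang('CONFIRM_CODE_WRONG');
            }
            // we don't need this any more
            $_CLASS['core_user']->user_data_kill('confirmation_code');
        }

        if (empty($error)) {
            // From here on $password holds the encoded form, not the submitted text.
            $password = encode_password($password, $_CORE_CONFIG['user']['password_encoding']);
            if (!$password) {
                //do some admin contact thing here
                die('Activation disabled: Password encoding problem');
            }

            if ($coppa || $_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_SELF || $_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_ADMIN) {
                if (!$_CORE_CONFIG['email']['email_enable']) {
                    //do some admin contact thing here
                    die('Activation disabled: Email Disabled');
                }
                $user_status = STATUS_PENDING;
                $user_act_key = generate_string(10);
                if ($coppa) {
                    $message = $_CLASS['core_user']->lang['ACCOUNT_COPPA'];
                    $email_template = 'coppa_welcome_inactive';
                } elseif ($_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_SELF) {
                    $message = $_CLASS['core_user']->lang['ACCOUNT_INACTIVE'];
                    $email_template = 'user_welcome_inactive';
                } elseif ($_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_ADMIN) {
                    $message = $_CLASS['core_user']->lang['ACCOUNT_INACTIVE_ADMIN'];
                    $email_template = 'admin_welcome_inactive';
                }
            } else {
                $user_status = STATUS_ACTIVE;
                $user_act_key = null;
                $email_template = 'user_welcome';
                $message = $_CLASS['core_user']->lang['ACCOUNT_ADDED'];
            }

            $data = array(
                'username' => (string) $username,
                'user_email' => (string) $email,
                'user_group' => $coppa ? 3 : 2,
                'user_reg_date' => (int) $_CLASS['core_user']->time,
                'user_timezone' => (string) $tz,
                'user_password' => (string) $password,
                'user_password_encoding' => (string) $_CORE_CONFIG['user']['password_encoding'],
                'user_lang' => $lang ? (string) $lang : null,
                'user_type' => USER_NORMAL,
                'user_status' => (int) $user_status,
                'user_act_key' => (string) $user_act_key,
                'user_ip' => (string) $_CLASS['core_user']->ip,
            );
            // user_add() is expected to fill in $data['user_id'] (used below).
            user_add($data);

            if ($data['user_status'] === STATUS_ACTIVE) {
                set_core_config('user', 'newest_user_id', $data['user_id'], false);
                set_core_config('user', 'newest_username', $data['username'], false);
                set_core_config('user', 'total_users', $_CORE_CONFIG['user']['total_users'] + 1, false);
            }

            require_once $site_file_root . 'includes/mailer.php';
            // $subject was previously never assigned, so the mail went out without one.
            $subject = sprintf($_CLASS['core_user']->lang['WELCOME_SUBJECT'], $_CORE_CONFIG['global']['site_name']);
            $mailer = new core_mailer();
            $mailer->to($email, $username);
            $mailer->subject($subject);
            // NOTE: 'PASSWORD' receives the encoded password (see above), not the text the
            // user typed — confirm that is what the mail templates expect.
            $_CLASS['core_template']->assign_array(array(
                'SITENAME' => $_CORE_CONFIG['global']['site_name'],
                'WELCOME_MSG' => $subject,
                'USERNAME' => $username,
                'PASSWORD' => $password,
                'EMAIL_SIG' => '',
                'U_ACTIVATE' => generate_link('system&mode=activate&user_id=' . $data['user_id'] . '&key=' . $user_act_key, array('sid' => false, 'full' => true)),
            ));
            if ($coppa) {
                $_CLASS['core_template']->assign_array(array(
                    'FAX_INFO' => $_CORE_CONFIG['user']['coppa_fax'],
                    'MAIL_INFO' => $_CORE_CONFIG['user']['coppa_mail'],
                    'EMAIL_ADDRESS' => $email,
                    'SITENAME' => $_CORE_CONFIG['global']['site_name'],
                ));
            }
            $mailer->message = trim($_CLASS['core_template']->display('modules/Control_Panel/email/' . $email_template, true));
            $mailer->send();

            $message = $message . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_INDEX'], '<a href="' . generate_link() . '">', '</a>');
            trigger_error($message);
        }
    }

    // Step 3: (re)render the registration form.
    $s_hidden_fields .= '<input type="hidden" name="coppa" value="' . $coppa . '" />';
    $s_hidden_fields .= '<input type="hidden" name="agreed" value="true" />';

    if ($_CORE_CONFIG['user']['enable_confirm']) {
        $_CLASS['core_user']->session_data_set('confirmation_code', generate_string(6));
        $confirm_image = '<img src="' . generate_link('system&mode=confirmation_image') . '" alt="" title="" />';
    } else {
        $confirm_image = false;
    }

    if ($submit) {
        if ($_CORE_CONFIG['user']['max_reg_attempts']) {
            $attempts = (int) $_CLASS['core_user']->session_data_get('reg_attempts', 0);
            if ($attempts > $_CORE_CONFIG['user']['max_reg_attempts']) {
                trigger_error($_CLASS['core_user']->lang['TOO_MANY_REGISTERS']);
            }
            // Previously called session_data_get() here, which only read the value, so the
            // counter never advanced and the limit above was never reached.
            $_CLASS['core_user']->session_data_set('reg_attempts', $attempts + 1);
        }
    }

    switch ($_CORE_CONFIG['user']['activation']) {
        case USER_ACTIVATION_SELF:
            $l_reg_cond = $_CLASS['core_user']->lang['UCP_EMAIL_ACTIVATE'];
            break;
        case USER_ACTIVATION_ADMIN:
            $l_reg_cond = $_CLASS['core_user']->lang['UCP_ADMIN_ACTIVATE'];
            break;
        default:
            $l_reg_cond = '';
            break;
    }

    // Maps the configured allow_name_chars pattern to the language key that explains it.
    $user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\\w]+' => 'USERNAME_ALPHA_ONLY', '[\\w_\\+\\. \\-\\[\\]]+' => 'USERNAME_ALPHA_SPACERS');

    $_CLASS['core_template']->assign_array(array(
        'ERROR' => empty($error) ? false : implode('<br />', $error),
        'USERNAME' => isset($username) ? $username : '',
        'PASSWORD' => isset($password) ? $password : '',
        'EMAIL' => isset($email) ? $email : '',
        'EMAIL_CONFIRM' => isset($email_confirm) ? $email_confirm : '',
        'CONFIRM_IMG' => $confirm_image,
        'SELECT_TZ' => select_tz(isset($tz) ? $tz : $_CORE_CONFIG['global']['default_timezone']),
        'L_CONFIRM_EXPLAIN' => sprintf($_CLASS['core_user']->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'),
        'L_ITEMS_REQUIRED' => $l_reg_cond,
        'L_USERNAME_EXPLAIN' => sprintf($_CLASS['core_user']->lang[$user_char_ary[$_CORE_CONFIG['user']['allow_name_chars']] . '_EXPLAIN'], $_CORE_CONFIG['user']['min_name_chars'], $_CORE_CONFIG['user']['max_name_chars']),
        'L_NEW_PASSWORD_EXPLAIN' => sprintf($_CLASS['core_user']->lang['NEW_PASSWORD_EXPLAIN'], $_CORE_CONFIG['user']['min_pass_chars'], $_CORE_CONFIG['user']['max_pass_chars']),
        'S_COPPA' => $coppa,
        'S_HIDDEN_FIELDS' => $s_hidden_fields,
        'S_UCP_ACTION' => generate_link("Control_Panel&mode=register"),
    ));
    $this->display($_CLASS['core_user']->lang['REGISTER'], 'ucp_register.html');
}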
/* RECEIVE VALUE */ $user_name = isset($_REQUEST['user_name']) ? $_REQUEST['user_name'] : ''; $user_password = isset($_REQUEST['user_password']) ? $_REQUEST['user_password'] : ''; $api_client = isset($_REQUEST['api_client']) ? $_REQUEST['api_client'] : ''; $location_url = isset($_REQUEST['location_url']) ? $_REQUEST['location_url'] : ''; $return = array('errcode' => 'e_1001', 'errmsg' => lang('error', 'e_1001'), 'data' => ''); if ($user_name && $user_password) { //校验用户或者编号是否存在 $check_user_info = array(); $check_user_info = DB::fetch_first("SELECT user_id,user_password FROM " . DB::table('users') . " WHERE user_name ='" . $user_name . "' AND isdelete = 0 LIMIT 1"); if (empty($check_user_info)) { $check_user_info = DB::fetch_first("SELECT user_id,user_password FROM " . DB::table('users') . " WHERE user_id ='" . $user_name . "' AND isdelete = 0 LIMIT 1"); } //校验密码 if ($check_user_info['user_id']) { $user_encode_password = encode_password($user_password); if ($user_encode_password == $check_user_info['user_password']) { if ($api_client) { allow_crossdomain(); $userinfo = DB::fetch_first("SELECT * FROM " . DB::table('users') . " WHERE user_id ='" . $check_user_info['user_id'] . "' LIMIT 1"); //并返回用户信息 $return = array('errcode' => 'e_1000', 'errmsg' => lang('error', 'e_1000'), 'data' => $userinfo); } elseif ($location_url) { $user['user_id'] = $check_user_info['user_id']; ext::synlogin($user, $user); header('location:' . $location_url . ''); die; } else { $user['user_id'] = $check_user_info['user_id']; ext::synlogin($user, $user); $return = array('errcode' => 'e_1000', 'errmsg' => lang('error', 'e_1000'), 'data' => '');
} $form_username = mysql_real_escape_string(stripslashes($username), $c); $raw_password = stripslashes($password); $uq = mysql_query("SELECT `userid`, `userpass`, `pass_salt`\n FROM `users`\n WHERE `login_name` = '{$form_username}'", $c); if (mysql_num_rows($uq) == 0) { die("<h3>{GAME_NAME} Error</h3>\n\tInvalid username or password!<br />\n\t<a href='login.php'>> Back</a>"); } else { $mem = mysql_fetch_assoc($uq); $login_failed = false; // Pass Salt generation: autofix if (empty($mem['pass_salt'])) { if (md5($raw_password) != $mem['userpass']) { $login_failed = true; } $salt = generate_pass_salt(); $enc_psw = encode_password($mem['userpass'], $salt, true); $e_salt = mysql_real_escape_string($salt, $c); // in case of changed salt function $e_encpsw = mysql_real_escape_string($enc_psw, $c); // ditto for password encoder mysql_query("UPDATE `users`\n \t\t SET `pass_salt` = '{$e_salt}', `userpass` = '{$e_encpsw}'\n \t\t WHERE `userid` = {$mem['userid']}", $c); } else { $login_failed = !verify_user_password($raw_password, $mem['pass_salt'], $mem['userpass']); } if ($login_failed) { die("<h3>{GAME_NAME} Error</h3>\n\t\tInvalid username or password!<br />\n\t\t<a href='login.php'>> Back</a>"); } if ($mem['userid'] == 1 && file_exists('./installer.php')) { die("<h3>{GAME_NAME} Error</h3>\n The installer still exists! You need to delete installer.php immediately.<br />\n <a href='login.php'>> Back</a>"); } session_regenerate_id();
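/**
 * Validate a username/password pair against the local user table.
 *
 * @param string $username
 * @param string $password plain-text password as submitted
 * @param int|false $userId out-param: the user's ID, or false when the name is unknown
 * @return bool
 */
public function authenticate($username, $password, &$userId)
{
    $userId = $this->database->user_name2id($username);
    if ($userId === false) {
        // NOTE(review): an unknown name returns true while leaving $userId === false.
        // Confirm the caller checks $userId and does not log a session in on this
        // boolean alone.
        return true;
    }

    $userData = $this->database->user_get_data($userId);
    $userId = $userData['userID'];

    // Strict comparison of the two hash strings: the former loose == treats
    // numeric-looking hashes (e.g. "0e..." forms) as equal. hash_equals() is the
    // constant-time alternative where the PHP baseline allows it.
    $storedHash = (string) $userData['password'];
    $candidate = (string) encode_password($password);

    return $username != '' && $storedHash === $candidate;
}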
} else { $tip2 = '你上传的不是图片文件,只支持jpg/gif/png三种格式'; } } else { $tip2 = '图片尚未上传或太大了'; } } else { if ($action == 'chpw') { $password_current = addslashes(trim($_POST['password_current'])); $password_new = addslashes(trim($_POST['password_new'])); $password_again = addslashes(trim($_POST['password_again'])); if ($password_current && $password_new && $password_again) { if ($password_new == $password_again) { if (encode_password($password_current, $cur_user['regtime']) == $cur_user['password']) { if ($password_current != $password_new) { $new_md5pw = encode_password($password_new, $cur_user['regtime']); if ($DBS->unbuffered_query("UPDATE yunbbs_users SET password='******' WHERE id='{$cur_uid}'")) { //更新缓存和cookie $cur_user['password'] = $new_md5pw; $new_ucode = md5($cur_uid . $new_md5pw . $cur_user['regtime'] . $cur_user['lastposttime'] . $cur_user['lastreplytime']); setcookie("cur_uid", $cur_uid, time() + 86400 * 365, '/'); setcookie("cur_uname", $cur_uname, time() + 86400 * 365, '/'); setcookie("cur_ucode", $new_ucode, time() + 86400 * 365, '/'); $tip3 = '密码已成功更改,请记住新密码'; } else { $tip3 = '数据保存失败,请稍后再试'; } } else { $tip3 = '输入的新密码和原来的密码相同,没修改!'; } } else {
$kga['password_salt'] = createPassword(20); if (write_config_file($kga['server_database'], $kga['server_hostname'], $kga['server_username'], $kga['server_password'], '', $kga['server_prefix'], $kga['language'], $kga['password_salt'], 'Europe/Berlin')) { echo '<tr><td>' . $kga['lang']['updater'][140] . '</td><td class="green"> </td></tr>'; } else { die($kga['lang']['updater'][130]); } // Reset all passwords $new_passwords = array(); $users = $database->queryAll("SELECT * FROM {$p}usr"); foreach ($users as $user) { if ($user['usr_name'] == 'admin') { $new_password = '******'; } else { $new_password = createPassword(8); } exec_query("UPDATE `{$p}usr` SET pw = '" . encode_password($new_password) . "' WHERE usr_ID = {$user['usr_ID']}"); if ($result) { $new_passwords[$user['usr_name']] = $new_password; } } } if ((int) $revisionDB < 1068) { Kimai_Logger::logfile("-- update to r1068"); exec_query("ALTER TABLE `{$p}usr` CHANGE `autoselection` `autoselection` TINYINT( 1 ) NOT NULL default '0';"); } if ((int) $revisionDB < 1077) { Kimai_Logger::logfile("-- update to r1076"); exec_query("ALTER TABLE `{$p}usr` CHANGE `usr_mail` `usr_mail` varchar(160) DEFAULT ''"); exec_query("ALTER TABLE `{$p}usr` CHANGE `pw` `pw` varchar(254) NULL DEFAULT NULL"); exec_query("ALTER TABLE `{$p}usr` CHANGE `lang` `lang` varchar(6) DEFAULT ''"); exec_query("ALTER TABLE `{$p}zef` CHANGE `zef_comment` `zef_comment` TEXT NULL DEFAULT NULL");
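/**
 * Complete a password reset for a customer or user account.
 *
 * The stored passwordResetHash is the one-time token issued when the reset was
 * requested; it is cleared again once the new password has been written.
 *
 * @param string $username
 * @param string $password new plain-text password, stored via encode_password()
 * @param string $key reset token presented by the requester
 * @return array 'message' text; on success also 'showLoginLink' => true
 */
public function resetPassword($username, $password, $key)
{
    $kga = $this->getKga();
    $database = $this->getDatabase();
    $invalidKey = array('message' => $kga['lang']['passwordReset']['invalidKey']);

    $is_customer = $database->is_customer_name($username);
    if ($is_customer) {
        $accountId = $database->customer_nameToID($username);
        $account = $database->customer_get_data($accountId);
    } else {
        $accountId = $database->user_name2id($username);
        if ($accountId === false) {
            // Unknown account: answer exactly like a bad key so the response does not
            // reveal which usernames exist.
            return $invalidKey;
        }
        $account = $database->user_get_data($accountId);
    }

    // The former loose != accepted an empty key whenever no reset was pending (the stored
    // hash is NULL then, and '' == null in PHP). Require a pending token and compare it
    // strictly; hash_equals() is the constant-time alternative where the PHP baseline
    // allows it.
    $storedHash = isset($account['passwordResetHash']) ? (string) $account['passwordResetHash'] : '';
    if ($storedHash === '' || $storedHash !== (string) $key) {
        return $invalidKey;
    }

    $data = array('password' => encode_password($password), 'passwordResetHash' => null);
    if ($is_customer) {
        $database->customer_edit($accountId, $data);
    } else {
        $database->user_edit($accountId, $data);
    }

    return array('message' => $kga['lang']['passwordReset']['success'], 'showLoginLink' => true);
}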
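/**
 * Final installer stage: validate the submitted configuration, create the database
 * schema, write mysql.php, insert the admin account, patch the game files with the
 * chosen names, print the cron lines and finally remove (or lock) the installer.
 *
 * Side effects: reads $_POST, writes mysql.php, executes dbdata.sql against the
 * database, rewrites several game files through file_update(), echoes HTML and
 * exits on every failure path.
 *
 * @return void
 */
function install()
{
    menuprint('sql');

    $paypal = isset($_POST['paypal']) && valid_email($_POST['paypal']) ? gpc_cleanup($_POST['paypal']) : '';
    $adm_email = isset($_POST['a_email']) && valid_email($_POST['a_email']) ? gpc_cleanup($_POST['a_email']) : '';
    $adm_username = isset($_POST['a_username']) && strlen($_POST['a_username']) > 3 ? gpc_cleanup($_POST['a_username']) : '';
    $adm_gender = isset($_POST['gender']) && in_array($_POST['gender'], array('Male', 'Female'), true) ? $_POST['gender'] : 'Male';
    $description = isset($_POST['game_description']) ? gpc_cleanup($_POST['game_description']) : '';
    $owner = isset($_POST['game_owner']) && strlen($_POST['game_owner']) > 3 ? gpc_cleanup($_POST['game_owner']) : '';
    $game_name = isset($_POST['game_name']) ? gpc_cleanup($_POST['game_name']) : '';
    $adm_pswd = isset($_POST['a_password']) && strlen($_POST['a_password']) > 3 ? gpc_cleanup($_POST['a_password']) : '';
    $adm_cpswd = isset($_POST['a_cpassword']) ? gpc_cleanup($_POST['a_cpassword']) : '';
    $db_hostname = isset($_POST['hostname']) ? gpc_cleanup($_POST['hostname']) : '';
    $db_username = isset($_POST['username']) ? gpc_cleanup($_POST['username']) : '';
    $db_password = isset($_POST['password']) ? gpc_cleanup($_POST['password']) : '';
    $db_database = isset($_POST['database']) ? gpc_cleanup($_POST['database']) : '';

    $errors = array();
    if (empty($db_hostname)) {
        $errors[] = 'No Database hostname specified';
    }
    if (empty($db_username)) {
        $errors[] = 'No Database username specified';
    }
    if (empty($db_database)) {
        $errors[] = 'No Database database specified';
    }
    if (empty($adm_username) || !preg_match("/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+\$/i", $adm_username)) {
        $errors[] = 'Invalid admin username specified';
    }
    if (empty($adm_pswd)) {
        $errors[] = 'Invalid admin password specified';
    }
    if ($adm_pswd !== $adm_cpswd) {
        $errors[] = 'The admin passwords did not match';
    }
    if (empty($adm_email)) {
        $errors[] = 'Invalid admin email specified';
    }
    if (empty($owner) || !preg_match("/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+\$/i", $owner)) {
        $errors[] = 'Invalid game owner specified';
    }
    if (empty($game_name)) {
        $errors[] = 'Invalid game name specified';
    }
    if (empty($description)) {
        $errors[] = 'Invalid game description specified';
    }
    if (empty($paypal)) {
        $errors[] = 'Invalid game PayPal specified';
    }

    if (count($errors) > 0) {
        echo "Installation failed.<br />\n There were one or more problems with your input.<br />\n <br />\n <b>Problem(s) encountered:</b>\n <ul>";
        foreach ($errors as $error) {
            echo "<li><span style='color: red;'>{$error}</span></li>";
        }
        echo "</ul>\n > <a href='installer.php?code=config'>Go back to config</a>";
        require_once 'installer_foot.php';
        exit;
    }

    // Try to establish DB connection first...
    echo 'Attempting DB connection...<br />';
    $c = mysql_connect($db_hostname, $db_username, $db_password);
    // Previously neither call was checked, so a bad host/credential still wrote
    // mysql.php and ran the whole schema against a dead link.
    if ($c === false || !mysql_select_db($db_database, $c)) {
        echo '... Failed: ' . htmlentities(mysql_error(), ENT_QUOTES, 'ISO-8859-1') . "<br />\n > <a href='installer.php?code=config'>Go back to config</a>";
        require_once 'installer_foot.php';
        exit;
    }
    // Done, move on
    echo '... Successful.<br />';

    echo 'Writing game config file...<br />';
    echo 'Write DB Connector...<br />';

    // The cron code is a shared secret that gates the cron scripts, so it must not come
    // from rand(). random_bytes() is used where available; the fallback is still not a
    // CSPRNG but is no worse than the former md5(rand()).
    if (function_exists('random_bytes')) {
        $code = bin2hex(random_bytes(16));
    } else {
        $code = md5(uniqid(mt_rand(), true));
    }

    if (file_exists("mysql.php")) {
        unlink("mysql.php");
    }
    // addslashes() matches the single-quoted PHP string literals written below.
    $e_db_hostname = addslashes($db_hostname);
    $e_db_username = addslashes($db_username);
    $e_db_password = addslashes($db_password);
    $e_db_database = addslashes($db_database);
    $config_file = <<<EOF
<?php
\$c = mysql_connect('{$e_db_hostname}', '{$e_db_username}', '{$e_db_password}') or die(mysql_error());
mysql_select_db('{$e_db_database}', \$c);
EOF;
    $f = fopen('mysql.php', 'w');
    fwrite($f, $config_file);
    fclose($f);
    echo '... file written.<br />';

    echo 'Writing base database schema...<br />';
    // file_get_contents() replaces a fixed-size fread() that silently truncated
    // dbdata.sql past its first ~1 MB.
    $schema = file_get_contents("dbdata.sql");
    if ($schema === false) {
        echo "... Failed: dbdata.sql could not be read.<br />\n > <a href='installer.php?code=config'>Go back to config</a>";
        require_once 'installer_foot.php';
        exit;
    }
    $query = '';
    $lines = explode("\n", $schema);
    // Statements are accumulated up to the first line containing ';'; '--' comment
    // lines and blank lines are skipped. Query failures are not checked here, as before.
    foreach ($lines as $line) {
        if (!(strpos($line, "--") === 0) && trim($line) != '') {
            $query .= $line;
            if (!(strpos($line, ";") === FALSE)) {
                mysql_query($query);
                $query = '';
            }
        }
    }
    echo '... done.<br />';

    echo 'Writing game configuration...<br />';
    $ins_username = mysql_real_escape_string(htmlentities($adm_username, ENT_QUOTES, 'ISO-8859-1'), $c);
    $salt = generate_pass_salt();
    $e_salt = mysql_real_escape_string($salt, $c);
    $encpsw = encode_password($adm_pswd, $salt);
    $e_encpsw = mysql_real_escape_string($encpsw, $c);
    $ins_email = mysql_real_escape_string($adm_email, $c);
    $IP = mysql_real_escape_string(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '', $c);
    $ins_game_name = htmlentities($game_name, ENT_QUOTES, 'ISO-8859-1');
    $ins_game_desc = nl2br(htmlentities($description, ENT_QUOTES, 'ISO-8859-1'));
    $ins_game_owner = htmlentities($owner, ENT_QUOTES, 'ISO-8859-1');
    $ins_game_id1name = htmlentities($adm_username, ENT_QUOTES, 'ISO-8859-1');

    mysql_query("INSERT INTO `users`\n (`username`, `login_name`, `userpass`, `level`, `money`,\n `crystals`, `donatordays`, `user_level`, `energy`, `maxenergy`,\n `will`, `maxwill`, `brave`, `maxbrave`, `hp`, `maxhp`, `location`,\n `gender`, `signedup`, `email`, `bankmoney`, `lastip`,\n `pass_salt`)\n VALUES ('{$ins_username}', '{$ins_username}', '{$e_encpsw}', 1,\n 100, 0, 0, 2, 12, 12, 100, 100, 5, 5, 100, 100, 1,\n '{$adm_gender}', " . time() . ", '{$ins_email}', -1, '{$IP}',\n '{$e_salt}')", $c) or die(mysql_error());
    $i = mysql_insert_id($c);
    mysql_query("INSERT INTO `userstats`\n \t\t VALUES({$i}, 10, 10, 10, 10, 10)", $c);

    // Placeholder substitution in the shipped game files.
    $gamename_files = array('authenticate.php', 'donator.php', 'explore.php', 'gamerules.php', 'header.php', 'helptutorial.php', 'loggedin.php', 'login.php', 'new_staff.php', 'register.php', 'voting.php');
    $gameowner_files = array('header.php', 'login.php');
    $paypal_files = array('donator.php', 'willpotion.php');
    $gamedesc_files = array('login.php');
    $id1_files = array('gamerules.php');
    $cron_files = array('crons/cron_day.php', 'crons/cron_fivemins.php', 'crons/cron_hour.php', 'crons/cron_minute.php');
    foreach ($gamename_files as $file) {
        file_update($file, '{GAME_NAME}', $ins_game_name);
    }
    foreach ($gameowner_files as $file) {
        file_update($file, '{GAME_OWNER}', $ins_game_owner);
    }
    foreach ($paypal_files as $file) {
        file_update($file, '{PAYPAL}', $paypal);
    }
    foreach ($gamedesc_files as $file) {
        file_update($file, '{GAME_DESCRIPTION}', $ins_game_desc);
    }
    foreach ($id1_files as $file) {
        file_update($file, '{ID1_NAME}', $ins_game_id1name);
    }
    foreach ($cron_files as $file) {
        file_update($file, '{CRON_CODE}', $code);
    }
    echo '... Done.<br />';

    $path = dirname($_SERVER['SCRIPT_FILENAME']);
    echo "\n <h2>Installation Complete!</h2>\n <hr />\n <h3>Cron Info</h3>\n <br />\n This is the cron info you need for section <b>1.2 Cronjobs</b> of the installation instructions.<br />\n <pre>\n */5 * * * * php {$path}/crons/cron_fivemins.php {$code}\n * * * * * php {$path}/crons/cron_minute.php {$code}\n 0 * * * * php {$path}/crons/cron_hour.php {$code}\n 0 0 * * * php {$path}/crons/cron_day.php {$code}\n </pre>\n ";

    echo "<h3>Installer Security</h3>\n Attempting to remove installer... ";
    @unlink('./installer.php');
    $success = !file_exists('./installer.php');
    echo "<span style='color: " . ($success ? "green;'>Succeeded" : "red;'>Failed") . "</span><br />";

    if (!$success) {
        // Could not delete ourselves: fall back to a lock file the installer checks for.
        echo "Attempting to lock installer... ";
        @touch('./installer.lock');
        $success2 = file_exists('installer.lock');
        echo "<span style='color: " . ($success2 ? "green;'>Succeeded" : "red;'>Failed") . "</span><br />";
        if ($success2) {
            echo "<span style='font-weight: bold;'>" . "You should now remove dbdata.sql, installer.php, installer_foot.php and installer_home.php from your server." . "</span>";
        } else {
            echo "<span style='font-weight: bold; font-size: 20pt;'>" . "YOU MUST REMOVE dbdata.sql, installer.php, " . "installer_foot.php and installer_home.php from your server.<br />" . "Failing to do so will allow other people " . "to run the installer again and potentially " . "mess up your game entirely." . "</span>";
        }
    } else {
        require_once 'installer_foot.php';
        @unlink('./installer_head.php');
        @unlink('./installer_foot.php');
        @unlink('./dbdata.sql');
        exit;
    }
}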
/**
 * User Control Panel "Profile" handler: processes and renders the
 * reg_details, profile_info, signature and avatar sub-pages.
 *
 * Reads $_POST/$_REQUEST directly, validates on submit, updates USERS_TABLE
 * through $_CLASS['core_db'] and, on success, schedules a meta refresh and
 * ends the request via trigger_error() with the localised PROFILE_UPDATED
 * message. Without a submit (or with validation errors) it assigns the form
 * variables to $_CLASS['core_template'] and renders ucp_profile_<mode>.html.
 *
 * @param mixed  $id   Module id, only used to build $module_link
 * @param string $mode 'reg_details' | 'profile_info' | 'signature' | 'avatar'
 * @return void
 *
 * NOTE(review): this is a plain function, yet it references $this->data
 * (reg_details) and $this->display() (at the end); both are fatal outside an
 * object context, so the body looks like it was moved out of a class method
 * without finishing the conversion.
 */
function ucp_profile($id, $mode) { global $config, $_CLASS, $site_file_root, $_CORE_CONFIG; $preview = isset($_POST['preview']); $submit = isset($_POST['submit']); $module_link = generate_link("Control_Panel&i={$id}&mode={$mode}"); $error = $data = array(); $s_hidden_fields = '';
// Dispatch on the sub-page; every case ends in template assignments and, on a successful submit, in trigger_error().
switch ($mode) { case 'reg_details': if ($submit) { $var_ary = array('username' => $_CLASS['core_user']->data['username'], 'email' => $_CLASS['core_user']->data['user_email'], 'email_confirm' => (string) '', 'new_password' => (string) '', 'cur_password' => (string) '', 'password_confirm' => (string) ''); foreach ($var_ary as $var => $default) { $data[$var] = request_var($var, $default); } $var_ary = array('username' => array(array('string', false, $_CORE_CONFIG['user']['min_name_chars'], $_CORE_CONFIG['user']['max_name_chars']), array('username', $data['username'])), 'password_confirm' => array('string', true, $_CORE_CONFIG['user']['min_pass_chars'], $_CORE_CONFIG['user']['max_pass_chars']), 'new_password' => array('string', true, $_CORE_CONFIG['user']['min_pass_chars'], $_CORE_CONFIG['user']['max_pass_chars']), 'email' => array(array('string', false, 6, 60), array('email', $data['email'])), 'email_confirm' => array('string', true, 6, 60)); $error = validate_data($data, $var_ary);
// extract() promotes the request-derived keys above ($username, $email, $new_password, $cur_password, ...) to locals; the key set is fixed by $var_ary, so nothing else from the request lands here.
extract($data); unset($data); if ($new_password && $password_confirm != $new_password) { $error[] = 'NEW_PASSWORD_ERROR'; }
// NOTE(review): the current-password check compares two hash strings with loose !=, which compares numeric-looking strings as numbers; compare them with hash_equals() (or at least !==).
if (($new_password || $_CLASS['auth']->acl_get('u_chgemail') && $email != $_CLASS['core_user']->data['user_email'] || $username != $_CLASS['core_user']->data['username'] && $_CLASS['auth']->acl_get('u_chgname') && $_CORE_CONFIG['user']['allow_namechange']) && encode_password($cur_password, $_CLASS['core_user']->data['user_password_encoding']) != $_CLASS['core_user']->data['user_password']) { $error[] = 'CUR_PASSWORD_ERROR'; } if ($_CLASS['auth']->acl_get('u_chgemail') && $email != $_CLASS['core_user']->data['user_email'] && $email_confirm != $email) { $error[] = 'NEW_EMAIL_ERROR'; } if (!sizeof($error)) { $sql_ary = array('user_email' => $_CLASS['auth']->acl_get('u_chgemail') ? $email : $_CLASS['core_user']->data['user_email']); if ($_CORE_CONFIG['email']['email_enable'] && $email != $_CLASS['core_user']->data['user_email'] && ($_CORE_CONFIG['user']['require_activation'] == USER_ACTIVATION_SELF || $_CORE_CONFIG['user']['require_activation'] == USER_ACTIVATION_ADMIN)) { $template_file = $config['require_activation'] == USER_ACTIVATION_ADMIN ? 'user_activate_inactive.html' : 'user_activate.html';
// NOTE(review): only $mailer is constructed here, but the rest of this branch drives $messenger, and $subject and $user_actkey are never assigned in this function; $body is built and never used. As written the e-mail re-activation path cannot work.
$mailer = new core_mailer(); $messenger->template($template_file, $_CLASS['core_user']->data['user_lang']); $mailer->subject($subject); $messenger->to($email, $username); $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); $messenger->headers('X-AntiAbuse: User_id - ' . $_CLASS['core_user']->data['user_id']); $messenger->headers('X-AntiAbuse: Username - ' . $_CLASS['core_user']->data['username']); $messenger->headers('X-AntiAbuse: User IP - ' . $_CLASS['core_user']->ip); $messenger->assign_vars(array('SITENAME' => $_CORE_CONFIG['global']['sitename'], 'USERNAME' => $username, 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']), 'U_ACTIVATE' => generate_link("Control_Panel&mode=activate&u={$_CLASS['core_user']->data['user_id']}&k={$user_actkey}", array('full' => true)))); $body = trim($_CLASS['core_template']->display('modules/Contact/email/index.html', true)); $messenger->send(NOTIFY_EMAIL); if ($_CORE_CONFIG['user']['require_activation'] == USER_ACTIVATION_ADMIN) {
// Grab an array of user_id's with a_user permissions
$admin_ary = $_CLASS['auth']->acl_get_list(false, 'a_user', false); $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type FROM ' . USERS_TABLE . ' WHERE user_id IN (' . implode(', ', $admin_ary[0]['a_user']) . ')'; $result = $_CLASS['core_db']->sql_query($sql); while ($row = $_CLASS['core_db']->sql_fetchrow($result)) { $messenger->template('admin_activate', $row['user_lang']); $messenger->replyto($config['board_contact']); $messenger->to($row['user_email'], $row['username']); $messenger->im($row['user_jabber'], $row['username']); $messenger->assign_vars(array('USERNAME' => $username, 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']), 'U_ACTIVATE' => generate_link("Control_Panel&mode=activate&u={$_CLASS['core_user']->data['user_id']}&k={$user_actkey}", array('full' => true)))); $messenger->send($row['user_notify_type']); } $_CLASS['core_db']->sql_freeresult($result); } $messenger->save_queue(); $sql_ary += array('user_type' => USER_INACTIVE, 'user_actkey' => $user_actkey); } $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $_CLASS['core_user']->data['user_id']; $_CLASS['core_db']->sql_query($sql);
// Need to update config, forum, topic, posting, messages, etc.
if ($username != $_CLASS['core_user']->data['username'] && $_CLASS['auth']->acl_get('u_chgname') && $_CORE_CONFIG['user']['allow_namechange']) { user_update_name($_CLASS['core_user']->data['username'], $username); } $_CLASS['core_display']->meta_refresh(3, $module_link); $message = $_CLASS['core_user']->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_UCP'], '<a href="' . $module_link . '">', '</a>'); trigger_error($message); }
// Replace "error" strings with their real, localised form
// NOTE(review): the /e modifier evaluates the replacement string as PHP (removed in PHP 7). The input is limited to [A-Z_]+ keys, but preg_replace_callback() does the same lang lookup without eval. The same construct is repeated in the signature and avatar cases below.
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$_CLASS['core_user']->lang['\\1'])) ? \$_CLASS['core_user']->lang['\\1'] : '\\1'", $error); } $user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\\w]+' => 'USERNAME_ALPHA_ONLY', '[\\w_\\+\\. \\-\\[\\]]+' => 'USERNAME_ALPHA_SPACERS'); $_CLASS['core_template']->assign(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'USERNAME' => isset($username) ? $username : $_CLASS['core_user']->data['username'], 'EMAIL' => isset($email) ? $email : $_CLASS['core_user']->data['user_email'], 'CONFIRM_EMAIL' => '',
// NOTE(review): the submitted new password is re-populated into the form on error; CUR_PASSWORD is deliberately left blank and the two new-password fields should follow suit.
'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '', 'NEW_PASSWORD' => isset($new_password) ? $new_password : '', 'CUR_PASSWORD' => '', 'L_USERNAME_EXPLAIN' => sprintf($_CLASS['core_user']->lang[$user_char_ary[str_replace('\\\\', '\\', $_CORE_CONFIG['user']['allow_name_chars'])] . '_EXPLAIN'], $_CORE_CONFIG['user']['min_name_chars'], $_CORE_CONFIG['user']['max_name_chars']), 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($_CLASS['core_user']->lang['CHANGE_PASSWORD_EXPLAIN'], $_CORE_CONFIG['user']['min_pass_chars'], $_CORE_CONFIG['user']['max_pass_chars']),
// NOTE(review): $this is undefined in a plain function, so rendering reg_details is fatal here.
'S_FORCE_PASSWORD' => $_CORE_CONFIG['user']['chg_passforce'] && $this->data['user_passchg'] < time() - $_CORE_CONFIG['user']['chg_passforce'] ? true : false, 'S_CHANGE_USERNAME' => $_CORE_CONFIG['user']['allow_namechange'] && $_CLASS['auth']->acl_get('u_chgname') ? true : false, 'S_CHANGE_EMAIL' => $_CLASS['auth']->acl_get('u_chgemail') ? true : false, 'S_CHANGE_PASSWORD' => true)); break; case 'profile_info': $error = array(); $this_year = gmdate('Y', time()); if ($submit) { $icq = get_variable('icq', 'POST', null); $aim = get_variable('aim', 'POST', null); $msn = get_variable('msn', 'POST', null); $yim = get_variable('yim', 'POST', null); $jabber = get_variable('jabber', 'POST', null);
//$google = get_variable('google', 'POST', null);
$website = get_variable('website', 'POST', null); $location = get_variable('location', 'POST', null); $occupation = get_variable('occupation', 'POST', null); $interests = get_variable('interests', 'POST', null); $bday_day = get_variable('bday_day', 'POST', false); $bday_month = get_variable('bday_month', 'POST', false); $bday_year = get_variable('bday_year', 'POST', false);
// NOTE(review): the last bound tests $bday_month > $this_year, which reads like a typo for $bday_year; as written a year in the future passes validation.
if ($bday_day || $bday_month || $bday_year) { if ($bday_day < 1 || $bday_day > 31 || $bday_month < 1 || $bday_month > 12 || $bday_year < $this_year - 100 || $bday_month > $this_year) { $error[] = $_CLASS['core_user']->get_lang('BIRTHDAY_ERROR'); } } if (mb_strlen($interests) > 255) { $error[] = $_CLASS['core_user']->get_lang('INTEREST_LONG_ERROR'); } if (mb_strlen($occupation) > 255) { $error[] = $_CLASS['core_user']->get_lang('OCCUPATION_LONG_ERROR'); } if (empty($error)) { $sql_ary = array('user_icq' => $icq, 'user_aim' => $aim, 'user_msnm' => $msn, 'user_yim' => $yim, 'user_jabber' => $jabber, 'user_website' => $website, 'user_from' => $location, 'user_occ' => $occupation, 'user_interests' => $interests, 'user_birthday' => $bday_day ? sprintf('%2d-%2d-%4d', $bday_day, $bday_month, $bday_year) : null); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $_CLASS['core_user']->data['user_id']; $_CLASS['core_db']->sql_query($sql); $_CLASS['core_display']->meta_refresh(3, $module_link); $message = $_CLASS['core_user']->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_UCP'], '<a href="' . $module_link . '">', '</a>'); trigger_error($message); } }
// No submit: pre-fill the birthday selects from the stored "d-m-Y" value (or blanks).
if (!isset($bday_day)) { if ($_CLASS['core_user']->data['user_birthday']) { list($bday_day, $bday_month, $bday_year) = explode('-', $_CLASS['core_user']->data['user_birthday']); } else { $bday_day = $bday_month = $bday_year = ''; } } $s_birthday_day_options = '<option value="0"' . (!$bday_day ? ' selected="selected"' : '') . '>--</option>'; for ($i = 1; $i < 32; $i++) { $selected = $i == $bday_day ? ' selected="selected"' : ''; $s_birthday_day_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>"; } $s_birthday_month_options = '<option value="0"' . (!$bday_month ? ' selected="selected"' : '') . '>--</option>'; for ($i = 1; $i < 13; $i++) { $selected = $i == $bday_month ? ' selected="selected"' : ''; $s_birthday_month_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>"; } $s_birthday_year_options = ''; $s_birthday_year_options = '<option value="0"' . (!$bday_year ? ' selected="selected"' : '') . '>--</option>'; $i = $this_year - 100; for ($i; $i < $this_year; $i++) { $selected = $i == $bday_year ? ' selected="selected"' : ''; $s_birthday_year_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>"; } $_CLASS['core_template']->assign_array(array('ERROR' => empty($error) ? '' : implode('<br />', $error), 'ICQ' => isset($icq) ? $icq : $_CLASS['core_user']->data['user_icq'], 'YIM' => isset($yim) ? $yim : $_CLASS['core_user']->data['user_yim'], 'AIM' => isset($aim) ? $aim : $_CLASS['core_user']->data['user_aim'], 'MSN' => isset($msn) ? $msn : $_CLASS['core_user']->data['user_msnm'], 'JABBER' => isset($jabber) ? $jabber : $_CLASS['core_user']->data['user_jabber'], 'WEBSITE' => isset($website) ? $website : $_CLASS['core_user']->data['user_website'], 'LOCATION' => isset($location) ? $location : $_CLASS['core_user']->data['user_from'], 'OCCUPATION' => isset($occupation) ? $occupation : $_CLASS['core_user']->data['user_occ'], 'INTERESTS' => isset($interests) ? $interests : $_CLASS['core_user']->data['user_interests'], 'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options, 'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options, 'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options)); break; case 'signature': require $site_file_root . 'includes/forums/functions_posting.php';
// Generate smiley listing
generate_smilies('inline', 0);
// NOTE(review): $enable_html is taken from isset($_POST['disable_html']) directly, the opposite of the bbcode/smilies lines right after it (isset(disable_x) ? false : ...); ticking "disable HTML" currently enables HTML in the signature. The unparenthesised nested ternaries also rely on PHP's pre-7.4 left associativity.
$enable_html = $config['allow_sig_html'] ? isset($_POST['disable_html']) : false; $enable_bbcode = $config['allow_sig_bbcode'] ? isset($_POST['disable_bbcode']) ? false : $_CLASS['core_user']->optionget('bbcode') : false; $enable_smilies = $config['allow_sig_smilies'] ? isset($_POST['disable_smilies']) ? false : $_CLASS['core_user']->optionget('smilies') : false; $enable_urls = isset($_POST['disable_magic_url']) ? false : true; $signature = request_var('signature', $_CLASS['core_user']->data['user_sig']); if ($submit || $preview) { require_once $site_file_root . 'includes/forums/message_parser.php'; if ($signature) { $message_parser = new parse_message($signature);
// Allowing Quote BBCode
$message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, true, 'sig'); if (sizeof($message_parser->warn_msg)) { $error[] = implode('<br />', $message_parser->warn_msg); } if (!sizeof($error) && $submit) { $sql_ary = array('user_sig' => (string) $message_parser->message, 'user_sig_bbcode_uid' => (string) $message_parser->bbcode_uid, 'user_sig_bbcode_bitfield' => (int) $message_parser->bbcode_bitfield); } } else { $sql_ary = array('user_sig' => '', 'user_sig_bbcode_uid' => '', 'user_sig_bbcode_bitfield' => (int) ''); } if (!sizeof($error) && $submit) { $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $_CLASS['core_user']->data['user_id']; $_CLASS['core_db']->sql_query($sql);
// NOTE(review): the anchor below closes with '\\>' (a literal backslash and '>'), unlike the '">' used by the other cases; the rendered link tag is malformed.
$message = $_CLASS['core_user']->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_UCP'], '<a href="' . $module_link . '\\>', '</a>'); trigger_error($message); }
// Replace "error" strings with their real, localised form
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$_CLASS['core_user']->lang['\\1'])) ? \$_CLASS['core_user']->lang['\\1'] : '\\1'", $error); } $signature_preview = ''; if ($preview && $signature) {
// Now parse it for displaying
$signature_preview = $message_parser->format_display($enable_html, $enable_bbcode, $enable_urls, $enable_smilies, false); unset($message_parser); } decode_message($signature, $_CLASS['core_user']->data['user_sig_bbcode_uid']); $_CLASS['core_template']->assign(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'SIGNATURE' => $signature, 'SIGNATURE_PREVIEW' => $signature_preview, 'S_HTML_CHECKED' => !$enable_html ? 'checked="checked"' : '', 'S_BBCODE_CHECKED' => !$enable_bbcode ? 'checked="checked"' : '', 'S_SMILIES_CHECKED' => !$enable_smilies ? 'checked="checked"' : '', 'S_MAGIC_URL_CHECKED' => !$enable_urls ? 'checked="checked"' : '', 'HTML_STATUS' => $config['allow_sig_html'] ? $_CLASS['core_user']->lang['HTML_IS_ON'] : $_CLASS['core_user']->lang['HTML_IS_OFF'], 'BBCODE_STATUS' => $config['allow_sig_bbcode'] ? sprintf($_CLASS['core_user']->lang['BBCODE_IS_ON'], '<a href="' . generate_link('Forums&file=faq&mode=bbcode') . '" target="_phpbbcode">', '</a>') : sprintf($_CLASS['core_user']->lang['BBCODE_IS_OFF'], '<a href="' . generate_link('Forums&file=faq&mode=bbcode') . '" target="_phpbbcode">', '</a>'), 'SMILIES_STATUS' => $config['allow_sig_smilies'] ? $_CLASS['core_user']->lang['SMILIES_ARE_ON'] : $_CLASS['core_user']->lang['SMILIES_ARE_OFF'], 'IMG_STATUS' => $config['allow_sig_img'] ? $_CLASS['core_user']->lang['IMAGES_ARE_ON'] : $_CLASS['core_user']->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => $config['allow_sig_flash'] ? $_CLASS['core_user']->lang['FLASH_IS_ON'] : $_CLASS['core_user']->lang['FLASH_IS_OFF'], 'L_SIGNATURE_EXPLAIN' => sprintf($_CLASS['core_user']->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']), 'S_HTML_ALLOWED' => $config['allow_sig_html'], 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'], 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'])); break; case 'avatar': $display_gallery = isset($_POST['display_gallery']);
// NOTE(review): a single-pass str_replace() of '../' and friends is not a path-traversal filter; validate the requested category against the folder list avatar_gallery() returns (an allow-list) instead of stripping substrings. The same filter is applied to avatarselect below.
$folder = isset($_REQUEST['category']) ? str_replace(array('../', '..\\', './', '.\\'), '', $_REQUEST['category']) : false; $delete = isset($_POST['delete']);
// Can we upload?
$can_upload = file_exists($config['avatar_path']) && is_writeable($config['avatar_path']) && @ini_get('file_uploads') ? true : false; if ($submit) { $gallery_avatar = isset($_POST['avatarselect']) ? str_replace(array('../', '..\\', './', '.\\'), '', $_POST['avatarselect']) : false; if ($config['allow_avatar_local'] && $gallery_avatar) { if (!file_exists($config['avatar_gallery_path'] . '/' . $gallery_avatar)) { $error[] = 'BAD_AVATAR'; } else { $type = AVATAR_GALLERY; $filename = $gallery_avatar; list($width, $height) = getimagesize($config['avatar_gallery_path'] . '/' . $gallery_avatar); } } else { $data['uploadurl'] = get_variable('uploadurl', 'POST', false); $data['remotelink'] = get_variable('remotelink', 'POST', ''); $data['width'] = get_variable('width', 'POST', ''); $data['height'] = get_variable('height', 'POST', ''); $data['user_id'] = $_CLASS['core_user']->data['user_id'];
// NOTE(review): this path loads includes/forums/functions_user.php while the gallery branch further down loads includes/functions_user.php; presumably only one of them defines avatar_upload()/avatar_gallery() — confirm which.
require_once $site_file_root . 'includes/forums/functions_user.php'; if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload) { list($type, $filename, $width, $height) = avatar_upload($data, $error); } elseif ($data['remotelink'] && $config['allow_avatar_remote']) { list($type, $filename, $width, $height) = avatar_remote($data, $error); } elseif ($delete) { $type = $filename = $width = $height = ''; } else { $error[] = 'IM_LOST'; } } if (empty($error)) { $sql_ary = array('user_avatar' => $filename, 'user_avatar_type' => $type, 'user_avatar_width' => $width, 'user_avatar_height' => $height); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $_CLASS['core_user']->data['user_id']; $_CLASS['core_db']->sql_query($sql);
// Delete old avatar if present
if ($_CLASS['core_user']->data['user_avatar'] && $filename != $_CLASS['core_user']->data['user_avatar'] && $_CLASS['core_user']->data['user_avatar_type'] != AVATAR_GALLERY) { avatar_delete($_CLASS['core_user']->data['user_avatar']); } $_CLASS['core_display']->meta_refresh(3, $module_link); $message = $_CLASS['core_user']->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_UCP'], '<a href="' . $module_link . '">', '</a>'); trigger_error($message); } $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$_CLASS['core_user']->lang['\\1'])) ? \$_CLASS['core_user']->lang['\\1'] : '\\1'", $error); }
// Generate users avatar
$avatar_img = ''; if ($_CLASS['core_user']->data['user_avatar']) { switch ($_CLASS['core_user']->data['user_avatar_type']) { case AVATAR_UPLOAD: $avatar_img = $config['avatar_path'] . '/'; break; case AVATAR_GALLERY: $avatar_img = $config['avatar_gallery_path'] . '/'; break; } $avatar_img .= $_CLASS['core_user']->data['user_avatar']; $avatar_img = '<img src="' . $avatar_img . '" width="' . $_CLASS['core_user']->data['user_avatar_width'] . '" height="' . $_CLASS['core_user']->data['user_avatar_height'] . '" border="0" alt="" />'; } $_CLASS['core_template']->assign(array('ERROR' => empty($error) ? '' : implode('<br />', $error), 'AVATAR' => $avatar_img, 'AVATAR_SIZE' => $config['avatar_filesize'], 'S_FORM_ENCTYPE' => $can_upload ? ' enctype="multipart/form-data"' : '', 'L_AVATAR_EXPLAIN' => sprintf($_CLASS['core_user']->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024)))); if ($display_gallery && $config['allow_avatar_local']) { require_once $site_file_root . 'includes/functions_user.php'; $avatar_list = avatar_gallery($folder, $folders, $error); array_unshift($folders, ''); $s_category_options = ''; foreach ($folders as $cat) { $s_category_options .= '<option value="' . $cat . '"' . ($cat == $folder ? ' selected="selected"' : '') . '>' . ($cat ? $cat : '--') . '</option>'; } $_CLASS['core_template']->assign(array('S_DISPLAY_GALLERY' => true, 'S_CAT_OPTIONS' => $s_category_options)); foreach ($avatar_list as $avatar) { $_CLASS['core_template']->assign_vars_array('avatar', array('AVATAR_IMAGE' => $config['avatar_gallery_path'] . '/' . $avatar['file'], 'AVATAR_NAME' => $avatar['name'], 'AVATAR_FILE' => $avatar['file'])); } unset($avatar_list); } else { $_CLASS['core_template']->assign(array('AVATAR' => $avatar_img, 'AVATAR_SIZE' => $config['avatar_filesize'], 'WIDTH' => $_CLASS['core_user']->data['user_avatar_width'], 'HEIGHT' => $_CLASS['core_user']->data['user_avatar_height'], 'S_CAN_UPLOAD' => $can_upload, 'S_LINK_AVATAR' => $config['allow_avatar_remote'], 'S_GALLERY_AVATAR' => $config['allow_avatar_local'])); } break; } $_CLASS['core_template']->assign_array(array('L_TITLE' => $_CLASS['core_user']->lang['UCP_PROFILE_' . strtoupper($mode)], 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_UCP_ACTION' => $module_link));
// NOTE(review): $this is undefined here (plain function); the final render call is fatal as written.
$this->display($_CLASS['core_user']->lang['UCP_PROFILE'], 'ucp_profile_' . $mode . '.html'); }
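/**
 * Handle the "change password" form for the logged-in user.
 *
 * Reads oldpw/newpw/newpw2 from $_POST, verifies the current password against
 * the stored salt and hash in $ir, and on success re-encodes the new password
 * with the user's existing salt and writes it to users.userpass.
 *
 * Globals: $ir (current user row: userid, pass_salt, userpass), $c (mysql link).
 * Output: echoes the result or error message directly; returns nothing.
 */
function do_pass_change()
{
    global $ir, $c;

    $oldpw = isset($_POST['oldpw']) ? stripslashes($_POST['oldpw']) : '';
    $newpw = isset($_POST['newpw']) ? stripslashes($_POST['newpw']) : '';
    $newpw2 = isset($_POST['newpw2']) ? stripslashes($_POST['newpw2']) : '';

    // Re-authenticate before anything else: a password change must prove
    // possession of the current password, not just a live session.
    if (!verify_user_password($oldpw, $ir['pass_salt'], $ir['userpass'])) {
        echo "\n\t\tThe current password you entered was wrong.<br />\n\t\t<a href='preferences.php?action=passchange'>> Back</a>\n \t\t";
        return;
    }

    if ($newpw !== $newpw2) {
        echo "The new passwords you entered did not match!<br />\n\t\t<a href='preferences.php?action=passchange'>> Back</a>";
        return;
    }

    // An empty submit would otherwise silently set an empty password.
    if ($newpw === '') {
        echo "The new password cannot be empty.<br />\n\t\t<a href='preferences.php?action=passchange'>> Back</a>";
        return;
    }

    // Re-encode password with the user's existing salt so that
    // verify_user_password() keeps recomputing the same value.
    $new_psw = mysql_real_escape_string(encode_password($newpw, $ir['pass_salt']), $c);
    $uid = (int) $ir['userid'];
    $updated = mysql_query("UPDATE `users`\n SET `userpass` = '{$new_psw}'\n WHERE `userid` = {$uid}", $c);

    // Do not report success for a write that did not happen.
    if (!$updated) {
        echo "Password could not be changed, please try again later.<br />\n > <a href='preferences.php'>Go Back</a>";
        return;
    }

    echo "Password changed!<br />\n > <a href='preferences.php'>Go Back</a>";
}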
case "unbanUser": // Unban a user from login $sts['active'] = 1; $database->user_edit($id, $sts); echo sprintf("<img border='0' title='%s' alt='%s' src='../skins/%s/grfx/jipp.gif' width='16' height='16' />", $kga['lang']['activeAccount'], $kga['lang']['activeAccount'], $view->skin()->getName()); break; case "sendEditUser": // process editUser form $userData['name'] = trim($_REQUEST['name']); $userData['mail'] = $_REQUEST['mail']; $userData['alias'] = $_REQUEST['alias']; $userData['globalRoleID'] = $_REQUEST['globalRoleID']; $userData['rate'] = str_replace($kga['conf']['decimalSeparator'], '.', $_REQUEST['rate']); // if password field is empty => password unchanged (not overwritten with "") if (!empty($_REQUEST['password'])) { $userData['password'] = encode_password($_REQUEST['password']); } $oldGroups = $database->getGroupMemberships($id); // validate data $errorMessages = array(); if ($database->customer_nameToID($userData['name']) !== false) { $errorMessages['name'] = $kga['lang']['errorMessages']['customerWithSameName']; } $assignedGroups = isset($_REQUEST['assignedGroups']) ? $_REQUEST['assignedGroups'] : array(); $membershipRoles = isset($_REQUEST['membershipRoles']) ? $_REQUEST['membershipRoles'] : array(); if (!checkGroupedObjectPermission('user', 'edit', $oldGroups, $assignedGroups)) { $errorMessages[''] = $kga['lang']['errorMessages']['permissionDenied']; } if (count($errorMessages) == 0) { $database->user_edit($id, $userData); $groups = array_combine($assignedGroups, $membershipRoles);
"message":"' . lang('core', 'operation_failed') . '", "navTabId":"admin_user_index", "rel":"", "reloadFlag":"1", "callbackType":"closeCurrent", "forwardUrl":"", "confirmMsg":"" }'; } die; } } else { //DEBUG 新增 if ($is_submit) { if ($user_password == $user_password2 && !empty($user_name) && !empty($user_realname)) { $user_password_encode = encode_password($user_password); $user_data = array("user_name" => $user_name, "user_realname" => $user_realname, "user_password" => $user_password_encode, "user_role_id" => $user_role_id, "user_score" => $user_score, "user_create_time" => TIMESTAMP); DB::insert('users', $user_data); //DEBUG 更新用户权限菜单 ext::set_user_role_menu(2, $user_menu, $user_id); echo '{ "statusCode":"200", "message":"' . lang('core', 'operation_successful') . '", "navTabId":"admin_user_index", "rel":"", "reloadFlag":"1", "callbackType":"closeCurrent", "forwardUrl":"", "confirmMsg":"" }'; } else {
$name = addslashes(strtolower(trim($_POST["name"]))); $pw = addslashes(trim($_POST["pw"])); $gcode = $_POST["gauth"]; $seccode = intval(trim($_POST["seccode"])); if ($name && $pw && $seccode) { if (strlen($name) < 21 && strlen($pw) < 32) { if (preg_match('/^[a-zA-Z0-9\\x80-\\xff]{4,20}$/i', $name)) { if (preg_match('/^[0-9]{4,20}$/', $name)) { $errors[] = '名字不能全为数字'; } else { error_reporting(0); session_start(); if ($seccode === intval($_SESSION['code'])) { $db_user = $DBS->fetch_one_array("SELECT * FROM yunbbs_users WHERE name='" . $name . "' LIMIT 1"); if ($db_user) { $pwmd5 = encode_password($pw, $db_user['regtime']); if ($pwmd5 == $db_user['password']) { // G Auth Checking $gsecret = $db_user['gauthsecret']; if ($gsecret != Null) { if ($gcode) { $ga = new GoogleAuth(); $checkResult = $ga->verifyCode($gsecret, $gcode); if ($checkResult) { //设置cookie $db_ucode = md5($db_user['id'] . $db_user['password'] . $db_user['regtime'] . $db_user['lastposttime'] . $db_user['lastreplytime']); $cur_uid = $db_user['id']; setcookie("cur_uid", $cur_uid, time() + 86400 * 365, '/'); setcookie("cur_uname", $name, time() + 86400 * 365, '/'); setcookie("cur_ucode", $db_ucode, time() + 86400 * 365, '/'); $cur_user = $db_user;
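/**
 * Given a password input given by the user and their actual details,
 * determine whether the password entered was correct.
 *
 * Note that password-salt systems don't require the extra md5() on the $input.
 * This is only here to ensure backwards compatibility - that is,
 * a v2 game can be upgraded to use the password salt system without having
 * previously used it, without resetting every user's password.
 *
 * The comparison uses hash_equals() so it takes the same time whether the
 * hashes differ in the first byte or the last; a plain === returns as soon
 * as it sees a difference, which leaks where the mismatch is. A non-string
 * or empty stored hash, or a failed encode_password(), is treated as
 * "not equal" rather than being coerced into a comparison.
 *
 * @param string $input The input password given by the user.
 * Should be without slashes.
 * @param string $salt The user's unique pass salt
 * @param string $pass The user's encrypted password
 *
 * @return boolean true for equal, false for not (login failed etc)
 */
function verify_user_password($input, $salt, $pass)
{
    $computed = encode_password($input, $salt);

    // Refuse to match on degenerate values: an account with no stored hash
    // (NULL/'' column) or an encoder failure must never verify as correct.
    if (!is_string($pass) || $pass === '' || !is_string($computed)) {
        return false;
    }

    return hash_equals($pass, $computed);
}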
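/**
 * Create a new user from the "new staff" form.
 *
 * Required $_POST fields: username, login_name, userpass (missing or empty
 * values abort with a message and exit). The numeric stat fields (level,
 * money, crystals, donatordays, user_level, strength, agility, guard, labour,
 * iq) default to 0 when absent and are clamped to non-negative integers;
 * energy, brave and hp are derived from level.
 *
 * Globals: $c (mysql link), $h (page object, endpage() on the error path).
 * Writes one row to users and one to userstats, then prints a confirmation.
 */
function new_user_submit()
{
    global $c, $h;

    // Reject missing *and* empty credentials; an isset()-only check would let
    // an empty password reach encode_password().
    foreach (array('username', 'login_name', 'userpass') as $field) {
        if (!isset($_POST[$field]) || $_POST[$field] === '') {
            print "You missed one or more of the required fields. Please go back and try again.<br />\n<a href='new_staff.php?action=newuser'>> Back</a>";
            $h->endpage();
            exit;
        }
    }

    // Optional numeric fields: absent => 0, otherwise a non-negative int.
    $posted_int = function ($key) {
        return isset($_POST[$key]) ? abs((int) $_POST[$key]) : 0;
    };
    $level = $posted_int('level');
    $money = $posted_int('money');
    $crystals = $posted_int('crystals');
    $donator = $posted_int('donatordays');
    $ulevel = $posted_int('user_level');
    $strength = $posted_int('strength');
    $agility = $posted_int('agility');
    $guard = $posted_int('guard');
    $labour = $posted_int('labour');
    $iq = $posted_int('iq');

    // Derived stats grow linearly with the starting level.
    $energy = 10 + $level * 2;
    $brave = 3 + $level * 2;
    $hp = 50 + $level * 50;

    $username = mysql_real_escape_string(strip_tags(stripslashes($_POST['username'])), $c);
    $loginname = mysql_real_escape_string(strip_tags(stripslashes($_POST['login_name'])), $c);
    $password = stripslashes($_POST['userpass']);

    // Fresh per-user salt; the salt is stored next to the hash so that
    // verify_user_password() can recompute it at login.
    $salt = generate_pass_salt();
    $enc_psw = encode_password($password, $salt, false);
    $i_salt = mysql_real_escape_string($salt, $c);
    $i_encpsw = mysql_real_escape_string($enc_psw, $c);

    $email = isset($_POST['email']) ? mysql_real_escape_string(strip_tags(stripslashes($_POST['email'])), $c) : '';
    // Strict in_array(): only the two literal strings are accepted into the SQL.
    $gender = isset($_POST['gender']) && in_array($_POST['gender'], array('Male', 'Female'), true) ? $_POST['gender'] : 'Male';

    $inserted = mysql_query("INSERT INTO users (username, login_name, userpass, level, money, crystals, donatordays,\n user_level, energy, maxenergy, will, maxwill, brave, maxbrave, hp, maxhp, location, gender,\n signedup, email, bankmoney, pass_salt)\n VALUES( '{$username}', '{$loginname}', '{$i_encpsw}', {$level},\n {$money}, {$crystals}, {$donator}, {$ulevel}, {$energy}, {$energy}, 100, 100, {$brave}, {$brave}, {$hp}, {$hp}, 1,\n '{$gender}', " . time() . ", '{$email}', -1, '{$i_salt}')", $c);

    // Without the user row there is no id to attach stats to; say so instead
    // of inserting a userstats row for id 0 and reporting success.
    if (!$inserted) {
        print "User could not be created, please try again.<br />\n<a href='new_staff.php?action=newuser'>> Back</a>";
        return;
    }

    $i = mysql_insert_id($c);
    mysql_query("INSERT INTO userstats VALUES({$i}, {$strength}, {$agility}, {$guard}, {$labour}, {$iq})", $c);
    print "User created!";
}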
exec_query("UPDATE `{$p}globalRoles` SET `core-{$object}-otherGroup-view` = 1 WHERE `name` = 'Admin';"); } exec_query("INSERT INTO `{$p}statuses` (`statusID` ,`status`) VALUES ('1', 'open'), ('2', 'review'), ('3', 'closed');"); // GROUPS $defaultGroup = $kga['lang']['defaultGroup']; $query = "INSERT INTO `{$p}groups` (`name`) VALUES ('admin');"; exec_query($query); // MISC $query = "INSERT INTO `{$p}activities` (`activityID`, `name`, `comment`) VALUES (1, '" . $kga['lang']['testActivity'] . "', '');"; exec_query($query); $query = "INSERT INTO `{$p}customers` (`customerID`, `name`, `comment`, `company`, `vat`, `contact`, `street`, `zipcode`, `city`, `phone`, `fax`, `mobile`, `mail`, `homepage`, `timezone`) VALUES (1, '" . $kga['lang']['testCustomer'] . "', '', '', '', '', '', '', '', '', '', '', '',''," . quoteForSql($_REQUEST['timezone']) . ");"; exec_query($query); $query = "INSERT INTO `{$p}projects` (`projectID`, `customerID`, `name`, `comment`) VALUES (1, 1, '" . $kga['lang']['testProject'] . "', '');"; exec_query($query); // ADMIN USER $adminPassword = encode_password('changeme'); $query = "INSERT INTO `{$p}users` (`userID`,`name`,`mail`,`password`, `globalRoleID` ) VALUES ('{$randomAdminID}','admin','*****@*****.**','{$adminPassword}',1);"; exec_query($query); $query = "INSERT INTO `{$p}preferences` (`userID`,`option`,`value`) VALUES\n('{$randomAdminID}', 'ui.rowlimit', '100'),\n('{$randomAdminID}', 'ui.skin', 'standard'),\n('{$randomAdminID}', 'ui.showCommentsByDefault', '0'),\n('{$randomAdminID}', 'ui.hideOverlapLines', '1'),\n('{$randomAdminID}', 'ui.showTrackingNumber', '1'),\n('{$randomAdminID}', 'timezone', " . quoteForSql($_REQUEST['timezone']) . ");"; exec_query($query); // Configuration exec_query("INSERT INTO `{$p}configuration` (`option`, `value`) VALUES\n('version', '" . $kga['version'] . "'),\n('login', '1'),\n('adminmail', '*****@*****.**'),\n('loginTries', '3'),\n('loginBanTime', '900'),\n('revision', '" . $kga['revision'] . 
"'),\n('currency_name', 'Euro'),\n('currency_sign', '€'),\n('currency_first', '0'),\n('show_update_warn', '1'),\n('check_at_startup', '0'),\n('show_daySeperatorLines', '1'),\n('show_gabBreaks', '0'),\n('show_RecordAgain', '1'),\n('show_TrackingNr', '1'),\n('date_format_0', 'dd.mm.yy'),\n('date_format_1', '%d.%m.'),\n('date_format_2', '%d.%m.%Y'),\n('date_format_3', 'd.m.Y'),\n('table_time_format', '%H:%M'),\n('language', '" . $kga['language'] . "'),\n('roundPrecision', '0'),\n('decimalSeparator', ','),\n('durationWithSeconds', '0'),\n('exactSums', '0'),\n('defaultVat', '0'),\n('editLimit', '0'),\n('roundTimesheetEntries', '0'),\n('roundMinutes', '0'),\n('roundSeconds', '0'),\n('allowRoundDown', '0'),\n('defaultStatusID', '1')\n"); // CROSS TABLES $query = "INSERT INTO `{$p}groups_users` (`groupID`, `userID`, `membershipRoleID`) VALUES (1, '" . $randomAdminID . "', 1);"; exec_query($query); $query = "INSERT INTO `{$p}groups_activities` (`groupID`, `activityID`) VALUES (1, 1);"; exec_query($query); $query = "INSERT INTO `{$p}groups_customers` (`groupID`, `customerID`) VALUES (1, 1);"; exec_query($query); $query = "INSERT INTO `{$p}groups_projects` (`groupID`, `projectID`) VALUES (1, 1);"; exec_query($query);
<?php
// Scratch script: walks a value through base64 -> split -> encode_password()
// on the two-character head -> re-join -> base64_decode, twice (the second
// pass feeds the joined string from the first pass back in), echoing every
// intermediate value.
include "includes.php";

// Print a value followed by a line break and hand it back, so each step can
// be shown inline without repeating the echo boilerplate.
$show = function ($value) {
    echo $value . "<BR>";
    return $value;
};

// First pass.
$text = $show("3");
$base64 = $show(base64_encode($text));
$x = $show(substr($base64, 0, 2));
$y = $show(substr($base64, 2));
$z = $show(encode_password($x, 1));
$result = $show($z . $y);
$base64 = $show(base64_decode($result));

// Second pass: the joined string from the first pass is the new input.
$text = $show($result);
$x = $show(substr($text, 0, 2));
$y = $show(substr($text, 2));
$z = $show(encode_password($x, 1));
$a = $show($z . $y);
$base64 = $show(base64_decode($a));
$tip2 = '图片转换失败,请稍后再试'; } } else { $tip2 = '你上传的不是图片文件,只支持jpg/gif/png三种格式'; } } else { $tip2 = '图片尚未上传或太大了'; } } else { if ($action == 'chpw') { $password_new = addslashes(trim($_POST['password_new'])); $password_again = addslashes(trim($_POST['password_again'])); if ($password_new && $password_again) { if ($password_new == $password_again) { $db_user2 = $DBS->fetch_one_array("SELECT `regtime` FROM `yunbbs_users` WHERE `id`='{$mid}'"); $new_md5pw = encode_password($password_new, $db_user2['regtime']); if ($DBS->unbuffered_query("UPDATE yunbbs_users SET password='******' WHERE id='{$mid}'")) { $tip3 = '密码已成功更改,请记住新密码'; } else { $tip3 = '数据保存失败,请稍后再试'; } } else { $tip3 = '新密码、重复新密码不一致'; } } else { $tip3 = '请填写完整,新密码、重复新密码'; } } else { if ($action == 'setflag') { $flag = intval(trim($_POST['flag'])); if ($flag >= 0 && $flag <= 99) {
if ($username_validate !== true) { $error[] = $_CLASS['core_user']->get_lang($username_validate); } if (!$password || $password !== get_variable('password_confirm', 'POST', '')) { $error[] = $_CLASS['core_user']->get_lang('PASSWORD_ERROR'); } if (!$email) { $error[] = $_CLASS['core_user']->get_lang('EMAIL_ERROR'); } elseif (!check_email($email)) { $error[] = $_CLASS['core_user']->get_lang('EMAIL_INVALID'); } if (!$tz || !in_array($tz, tz_array())) { $tz = null; } if (empty($error)) { $password = encode_password($password, $_CORE_CONFIG['user']['password_encoding']); if (!$password) { //do some admin contact thing here die('Try again later'); } $data = array('username' => (string) $username, 'user_email' => (string) $email, 'user_group' => (int) $coppa ? 3 : 2, 'user_reg_date' => (int) $_CLASS['core_user']->time, 'user_timezone' => $tz, 'user_password' => (string) $password, 'user_password_encoding' => (string) $_CORE_CONFIG['user']['password_encoding'], 'user_lang' => $lang == $_CORE_CONFIG['global']['default_lang'] ? null : $lang, 'user_type' => USER_NORMAL, 'user_status' => STATUS_ACTIVE, 'user_act_key' => null, 'user_ip' => ''); user_add($data); set_core_config('user', 'newest_user_id', $data['user_id'], false); set_core_config('user', 'newest_username', $data['username'], false); set_core_config('user', 'total_users', $_CORE_CONFIG['user']['total_users'] + 1); trigger_error('USER_ADDED'); } } $_CLASS['core_template']->assign_array(array('COPPA' => isset($coppa) ? $coppa : false, 'EMAIL' => isset($email) ? $email : '', 'ERROR' => empty($error) ? false : implode('<br />', $error), 'PASSWORD' => isset($password) ? $password : '', 'USERNAME' => isset($username) ? $username : '', 'SELECT_TZ' => select_tz(isset($tz) ? $tz : $_CORE_CONFIG['global']['default_timezone']), 'S_ACTION' => generate_link('users&mode=add_user', array('admin' => true)))); $_CLASS['core_display']->display(false, 'admin/users/add.html'); break;
<?php switch ($do) { case "logout": ext::synlogout(); @header('Location: index.php'); break; case "ajax_login": /* RECEIVE VALUE */ $username = isset($_GET['username']) ? $_GET['username'] : ''; $password = isset($_GET['password']) ? $_GET['password'] : ''; $api_client = isset($_GET['api_client']) ? $_GET['api_client'] : ''; $check_username = DB::result_first("SELECT user_id FROM " . DB::table('users') . " where user_name ='" . $username . "' AND isdelete = 0 LIMIT 1"); $user_id = $check_user_pass = DB::result_first("SELECT user_id FROM " . DB::table('users') . " where user_name ='" . $username . "' and user_password ='******' AND isdelete = 0 LIMIT 1"); $validateError = lang('core', 'username_right'); $validateSuccess = lang('core', 'username_wrong'); /* RETURN VALUE */ $arrayToJs = array(); $arrayToJs[0] = array(); $arrayToJs[1] = array(); if (!empty($check_username)) { // validate?? $arrayToJs[0][0] = 'username'; $arrayToJs[0][1] = true; // RETURN TRUE $arrayToJs[0][2] = lang('core', 'username_effective'); // RETURN ARRAY WITH success } else { $arrayToJs[0][0] = 'username'; $arrayToJs[0][1] = false; $arrayToJs[0][2] = lang('core', 'username_invalid');
$table = "xuser_pegawai"; $field = array("username", "password", "reset"); $p_next = 55; if (@$_POST['xuser']) { extract($_POST); if ($oldpassword != "") { if ($password != "") { if ($retrypassword != "") { $ocheck = xuser("password", "username = '******'"); $check = mysql_fetch_array($ocheck); $len = strlen($oldpassword); if (md5($oldpassword) == decode_password($check['password'], $len)) { if ($password == $retrypassword) { $username = $susername; $len = strlen($password); $password = encode_password(md5($password), $len); $reset = "0"; foreach ($field as $k => $val) { $value[$k] = ${$val}; } $sql = sql_update($table, $field, $value); $sql = str_replace("''", "NULL", $sql); $query = mysql_query($sql); if ($query == 1) { $msg = "Ubah kata sandi berhasil. Id = " . $susername . "."; update_log($msg, $table, $susername, 1); $_SESSION['errmsg'] = $msg; } else { $msg = "Ubah kata sandi gagal. Error = " . mysql_error() . "."; update_log($msg, $table, $susername, 0); $_SESSION['errmsg'] = $msg;
switch ($this->mode) { case 'reg_details': if ($submit) { $password = get_variable('new_password', 'POST', false); $cur_password = get_variable('cur_password', 'POST', false); if (!$cur_password || encode_password($cur_password, $_CLASS['core_user']->data['user_password_encoding']) !== $_CLASS['core_user']->data['user_password']) { $error[] = $_CLASS['core_user']->get_lang('CURRENT_PASSWORD_INVALID'); } if (!$password || $password !== get_variable('password_confirm', 'POST', '')) { $error[] = $_CLASS['core_user']->get_lang('PASSWORD_MISMATCH'); } if (empty($error) && $password === $cur_password) { $error[] = $_CLASS['core_user']->get_lang('PASSWORD_SAME'); } if (empty($error)) { $array = array('user_password' => encode_password($password, $_CLASS['core_user']->data['user_password_encoding'])); $sql = 'UPDATE ' . CORE_USERS_TABLE . ' SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $array) . ' WHERE user_id = ' . $_CLASS['core_user']->data['user_id']; $_CLASS['core_db']->sql_query($sql); } } $_CLASS['core_template']->assign_array(array('ERROR' => empty($error) ? '' : implode('<br />', $error), 'USERNAME' => $_CLASS['core_user']->data['username'], 'EMAIL' => $_CLASS['core_user']->data['user_email'], 'CONFIRM_EMAIL' => '', 'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '', 'NEW_PASSWORD' => isset($new_password) ? $new_password : '', 'CUR_PASSWORD' => '', 'L_USERNAME_EXPLAIN' => '', 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($_CLASS['core_user']->lang['CHANGE_PASSWORD_EXPLAIN'], $_CORE_CONFIG['user']['min_pass_chars'], $_CORE_CONFIG['user']['max_pass_chars']), 'S_FORCE_PASSWORD' => false, 'S_CHANGE_USERNAME' => false, 'S_CHANGE_EMAIL' => false, 'S_CHANGE_PASSWORD' => true)); break; case 'signature': require_once SITE_FILE_ROOT . 'includes/forums/functions_posting.php'; // Generate smiley listing generate_smilies('inline', 0); $enable_html = true ? !isset($_POST['disable_html']) : false; $enable_bbcode = true ? 
!isset($_POST['disable_bbcode']) : false; $enable_smilies = true ? !isset($_POST['disable_smilies']) : false;
} } else { $errors[] = '名字 太长 或 太短 或 包含非法字符'; } } else { $errors[] = '用户名 或 密码 太长了'; } } else { $errors[] = '密码、重复密码 输入不一致'; } } else { $errors[] = '用户名、密码、重复密码、验证码 必填'; } //// if (!$errors) { $pwmd5 = encode_password($pw, $timestamp); if ($options['register_review']) { $flag = 1; } else { $flag = 5; } $DBS->query("INSERT INTO yunbbs_users (id,name,flag,password,regtime) VALUES (null,'{$name}', {$flag}, '{$pwmd5}', {$timestamp})"); $new_uid = $DBS->insert_id(); if ($new_uid == 1) { $DBS->unbuffered_query("UPDATE yunbbs_users SET flag = '99' WHERE id='1'"); } $cache->clear('site_infos'); //设置cookie $db_ucode = md5($new_uid . $pwmd5 . $timestamp . '00'); $cur_uid = $new_uid; setcookie("cur_uid", $cur_uid, $timestamp + 86400 * 365, '/');
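/**
 * User Control Panel "profile" module: password change, profile fields,
 * signature and avatar, selected by $mode.
 *
 * Reads $_POST/$_FILES, updates USERS_TABLE for the session user, assigns the
 * template variables for 'ucp_profile_<mode>.html' and, on a successful
 * update, hands the confirmation message to trigger_error() (that appears to
 * be how this codebase renders confirmation pages — confirm).
 *
 * Fixes against the previous version:
 *  - the birthday upper bound compared $bday_month with the year, so any
 *    future birth year was accepted;
 *  - the error-code -> language lookup used preg_replace() with the /e
 *    modifier, which evaluates the replacement as PHP; a plain loop now
 *    does the same lookup;
 *  - '../'-style sequences are stripped until nothing changes instead of in
 *    a single pass, because one pass lets '....//' collapse into '../'.
 *
 * @param int|string $id   Module id, only used to build the module link.
 * @param string     $mode 'reg_details', 'profile_info', 'signature' or
 *                         'avatar'; any other value skips the switch but
 *                         still selects a template by name (see NOTE below).
 */
function ucp_profile($id, $mode)
{
    global $config, $_CLASS, $site_file_root, $_CORE_CONFIG;

    $preview = isset($_POST['preview']);
    $submit = isset($_POST['submit']);
    $module_link = generate_link("Control_Panel&i={$id}&mode={$mode}");
    $error = $data = array();
    $s_hidden_fields = '';
    // Every UPDATE below is keyed on the session user; cast once so it can
    // only ever reach the SQL string as an integer.
    $user_id = (int) $_CLASS['core_user']->data['user_id'];

    switch ($mode) {
        case 'reg_details':
            if ($submit) {
                $password = get_variable('new_password', 'POST', false);
                $cur_password = get_variable('cur_password', 'POST', false);
                $encoding = $_CLASS['core_user']->data['user_password_encoding'];

                // The current password must re-hash to the stored hash before anything changes.
                if (!$cur_password || encode_password($cur_password, $encoding) !== $_CLASS['core_user']->data['user_password']) {
                    $error[] = $_CLASS['core_user']->get_lang('CURRENT_PASSWORD_INVALID');
                }
                if (!$password || $password !== get_variable('password_confirm', 'POST', '')) {
                    $error[] = $_CLASS['core_user']->get_lang('PASSWORD_MISMATCH');
                }
                if (empty($error) && $password === $cur_password) {
                    $error[] = $_CLASS['core_user']->get_lang('PASSWORD_SAME');
                }
                // NOTE(review): min_pass_chars/max_pass_chars are only shown in the
                // explain text; no length check is enforced here — confirm whether
                // get_variable() or the form does it.
                if (empty($error)) {
                    $array = array('user_password' => encode_password($password, $encoding));
                    $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $array) . ' WHERE user_id = ' . $user_id;
                    $_CLASS['core_db']->sql_query($sql);
                }
            }
            $_CLASS['core_template']->assign_array(array(
                'ERROR' => empty($error) ? '' : implode('<br />', $error),
                'USERNAME' => $_CLASS['core_user']->data['username'],
                'EMAIL' => $_CLASS['core_user']->data['user_email'],
                'CONFIRM_EMAIL' => '',
                'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '',
                'NEW_PASSWORD' => isset($new_password) ? $new_password : '',
                'CUR_PASSWORD' => '',
                'L_USERNAME_EXPLAIN' => '',
                'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($_CLASS['core_user']->lang['CHANGE_PASSWORD_EXPLAIN'], $_CORE_CONFIG['user']['min_pass_chars'], $_CORE_CONFIG['user']['max_pass_chars']),
                'S_FORCE_PASSWORD' => false,
                'S_CHANGE_USERNAME' => false,
                'S_CHANGE_EMAIL' => false,
                'S_CHANGE_PASSWORD' => true
            ));
            break;

        case 'profile_info':
            $error = array();
            $this_year = gmdate('Y', time());
            if ($submit) {
                $icq = get_variable('icq', 'POST', null);
                $aim = get_variable('aim', 'POST', null);
                $msn = get_variable('msn', 'POST', null);
                $yim = get_variable('yim', 'POST', null);
                $jabber = get_variable('jabber', 'POST', null);
                $website = get_variable('website', 'POST', null);
                $location = get_variable('location', 'POST', null);
                $occupation = get_variable('occupation', 'POST', null);
                $interests = get_variable('interests', 'POST', null);
                $bday_day = get_variable('bday_day', 'POST', false);
                $bday_month = get_variable('bday_month', 'POST', false);
                $bday_year = get_variable('bday_year', 'POST', false);

                // A birthday is optional, but once any part is given all three
                // must be plausible (year within the last 100 years, not in the future).
                if ($bday_day || $bday_month || $bday_year) {
                    if ($bday_day < 1 || $bday_day > 31 || $bday_month < 1 || $bday_month > 12 || $bday_year < $this_year - 100 || $bday_year > $this_year) {
                        $error[] = $_CLASS['core_user']->get_lang('BIRTHDAY_ERROR');
                    }
                }
                if (mb_strlen($interests) > 255) {
                    $error[] = $_CLASS['core_user']->get_lang('INTEREST_LONG_ERROR');
                }
                if (mb_strlen($occupation) > 255) {
                    $error[] = $_CLASS['core_user']->get_lang('OCCUPATION_LONG_ERROR');
                }
                if (empty($error)) {
                    $sql_ary = array(
                        'user_icq' => $icq,
                        'user_aim' => $aim,
                        'user_msnm' => $msn,
                        'user_yim' => $yim,
                        'user_jabber' => $jabber,
                        'user_website' => $website,
                        'user_from' => $location,
                        'user_occ' => $occupation,
                        'user_interests' => $interests,
                        // Stored as "dd-mm-yyyy" (space padded); read back with explode('-') below.
                        'user_birthday' => $bday_day ? sprintf('%2d-%2d-%4d', $bday_day, $bday_month, $bday_year) : null
                    );
                    $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user_id;
                    $_CLASS['core_db']->sql_query($sql);
                    $_CLASS['core_display']->meta_refresh(3, $module_link);
                    $message = $_CLASS['core_user']->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_UCP'], '<a href="' . $module_link . '">', '</a>');
                    trigger_error($message);
                }
            }

            // Without a submitted birthday, pre-fill the selects from the stored value.
            if (!isset($bday_day)) {
                if ($_CLASS['core_user']->data['user_birthday']) {
                    list($bday_day, $bday_month, $bday_year) = explode('-', $_CLASS['core_user']->data['user_birthday']);
                } else {
                    $bday_day = $bday_month = $bday_year = '';
                }
            }

            $s_birthday_day_options = '<option value="0"' . (!$bday_day ? ' selected="selected"' : '') . '>--</option>';
            for ($i = 1; $i < 32; $i++) {
                $selected = $i == $bday_day ? ' selected="selected"' : '';
                $s_birthday_day_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>";
            }
            $s_birthday_month_options = '<option value="0"' . (!$bday_month ? ' selected="selected"' : '') . '>--</option>';
            for ($i = 1; $i < 13; $i++) {
                $selected = $i == $bday_month ? ' selected="selected"' : '';
                $s_birthday_month_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>";
            }
            // Year list runs from 100 years ago up to, but not including, the current year.
            $s_birthday_year_options = '<option value="0"' . (!$bday_year ? ' selected="selected"' : '') . '>--</option>';
            for ($i = $this_year - 100; $i < $this_year; $i++) {
                $selected = $i == $bday_year ? ' selected="selected"' : '';
                $s_birthday_year_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>";
            }

            $_CLASS['core_template']->assign_array(array(
                'ERROR' => empty($error) ? '' : implode('<br />', $error),
                'ICQ' => isset($icq) ? $icq : $_CLASS['core_user']->data['user_icq'],
                'YIM' => isset($yim) ? $yim : $_CLASS['core_user']->data['user_yim'],
                'AIM' => isset($aim) ? $aim : $_CLASS['core_user']->data['user_aim'],
                'MSN' => isset($msn) ? $msn : $_CLASS['core_user']->data['user_msnm'],
                'JABBER' => isset($jabber) ? $jabber : $_CLASS['core_user']->data['user_jabber'],
                'WEBSITE' => isset($website) ? $website : $_CLASS['core_user']->data['user_website'],
                'LOCATION' => isset($location) ? $location : $_CLASS['core_user']->data['user_from'],
                'OCCUPATION' => isset($occupation) ? $occupation : $_CLASS['core_user']->data['user_occ'],
                'INTERESTS' => isset($interests) ? $interests : $_CLASS['core_user']->data['user_interests'],
                'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options,
                'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options,
                'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options
            ));
            break;

        case 'signature':
            require $site_file_root . 'includes/forums/functions_posting.php';
            // Generate smiley listing
            generate_smilies('inline', 0);

            // Each feature is on unless the user ticked its "disable" box.
            // NOTE(review): HTML is always allowed in signatures here; whether
            // parse_message() neutralises script/event-handler markup is not
            // visible in this file — confirm before relying on it.
            $enable_html = !isset($_POST['disable_html']);
            $enable_bbcode = !isset($_POST['disable_bbcode']);
            $enable_smilies = !isset($_POST['disable_smilies']);
            $enable_urls = !isset($_POST['disable_magic_url']);

            $signature = get_variable('signature', 'POST', $_CLASS['core_user']->data['user_sig']);
            $signature_preview = '';
            $sql_array = false;

            if ($submit || $preview) {
                require_once $site_file_root . 'includes/forums/message_parser.php';
                if ($signature) {
                    $message_parser = new parse_message($signature);
                    // Allowing Quote BBCode
                    $message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, true, 'sig');
                    if (!empty($message_parser->warn_msg)) {
                        $error[] = implode('<br />', $message_parser->warn_msg);
                    }
                }
                if (empty($error) && $submit) {
                    if ($signature && !empty($message_parser->message)) {
                        $sql_array = array(
                            'user_sig' => (string) $message_parser->message,
                            'user_sig_bbcode_uid' => (string) $message_parser->bbcode_uid,
                            'user_sig_bbcode_bitfield' => (int) $message_parser->bbcode_bitfield
                        );
                    } else {
                        // Empty submission clears the signature.
                        $sql_array = array('user_sig' => '', 'user_sig_bbcode_uid' => '', 'user_sig_bbcode_bitfield' => 0);
                    }
                    $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $sql_array) . ' WHERE user_id = ' . $user_id;
                    $_CLASS['core_db']->sql_query($sql);
                    $message = $_CLASS['core_user']->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_UCP'], '<a href="' . $module_link . '">', '</a>');
                    trigger_error($message);
                }
            }

            if ($preview && $signature) {
                // Now parse it for displaying
                $signature_preview = $message_parser->format_display($enable_html, $enable_bbcode, $enable_urls, $enable_smilies, false);
                unset($message_parser);
            }
            if ($signature) {
                decode_message($signature, $_CLASS['core_user']->data['user_sig_bbcode_uid']);
            }

            $bbcode_faq_link = '<a href="' . generate_link('Forums&file=faq&mode=bbcode') . '" target="_phpbbcode">';
            $_CLASS['core_template']->assign_array(array(
                'ERROR' => empty($error) ? '' : implode('<br />', $error),
                'SIGNATURE' => $signature,
                'SIGNATURE_PREVIEW' => $signature_preview,
                'S_HTML_CHECKED' => $enable_html ? '' : 'checked="checked"',
                'S_BBCODE_CHECKED' => $enable_bbcode ? '' : 'checked="checked"',
                'S_SMILIES_CHECKED' => $enable_smilies ? '' : 'checked="checked"',
                'S_MAGIC_URL_CHECKED' => $enable_urls ? '' : 'checked="checked"',
                // All features are unconditionally on in this module (the *_ALLOWED flags below are constant).
                'HTML_STATUS' => $_CLASS['core_user']->get_lang('HTML_IS_ON'),
                'BBCODE_STATUS' => sprintf($_CLASS['core_user']->get_lang('BBCODE_IS_ON'), $bbcode_faq_link, '</a>'),
                'SMILIES_STATUS' => $_CLASS['core_user']->get_lang('SMILIES_ARE_ON'),
                'IMG_STATUS' => $_CLASS['core_user']->get_lang('IMAGES_ARE_ON'),
                'FLASH_STATUS' => $_CLASS['core_user']->get_lang('FLASH_IS_ON'),
                'L_SIGNATURE_EXPLAIN' => sprintf($_CLASS['core_user']->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']),
                'S_HTML_ALLOWED' => true,
                'S_BBCODE_ALLOWED' => true,
                'S_SMILIES_ALLOWED' => true
            ));
            break;

        case 'avatar':
            $display_gallery = isset($_POST['display_gallery']);

            // Gallery category chosen by the user: strip traversal sequences until
            // nothing changes (a single pass lets '....//' collapse into '../').
            $folder = false;
            if (isset($_POST['category'])) {
                $folder = $_POST['category'];
                do {
                    $before = $folder;
                    $folder = str_replace(array('../', '..\\', './', '.\\'), '', $folder);
                } while ($folder !== $before);
            }
            $delete = isset($_POST['delete']);

            // Can we upload?
            $can_upload = file_exists($config['avatar_path']) && is_writeable($config['avatar_path']) && ini_get('file_uploads');

            if ($submit) {
                // Same traversal stripping for the selected gallery file.
                $gallery_avatar = false;
                if (isset($_POST['avatarselect'])) {
                    $gallery_avatar = $_POST['avatarselect'];
                    do {
                        $before = $gallery_avatar;
                        $gallery_avatar = str_replace(array('../', '..\\', './', '.\\'), '', $gallery_avatar);
                    } while ($gallery_avatar !== $before);
                }

                if ($config['allow_avatar_local'] && $gallery_avatar) {
                    if (!file_exists($config['avatar_gallery_path'] . '/' . $gallery_avatar)) {
                        $error[] = 'BAD_AVATAR';
                    } else {
                        $type = AVATAR_GALLERY;
                        $filename = $gallery_avatar;
                        list($width, $height) = getimagesize($config['avatar_gallery_path'] . '/' . $gallery_avatar);
                    }
                } else {
                    $data['uploadurl'] = get_variable('uploadurl', 'POST', false);
                    $data['remotelink'] = get_variable('remotelink', 'POST', '');
                    $data['width'] = get_variable('width', 'POST', '');
                    $data['height'] = get_variable('height', 'POST', '');
                    $data['user_id'] = $_CLASS['core_user']->data['user_id'];

                    // avatar_upload()/avatar_remote() report problems through $error (by reference, presumably).
                    if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload) {
                        list($type, $filename, $width, $height) = avatar_upload($data, $error);
                    } elseif ($data['remotelink'] && $config['allow_avatar_remote']) {
                        list($type, $filename, $width, $height) = avatar_remote($data, $error);
                    } elseif ($delete) {
                        $filename = '';
                        $type = $width = $height = 0;
                    } else {
                        $error[] = 'IM_LOST';
                    }
                }

                if (empty($error)) {
                    $sql_ary = array(
                        'user_avatar' => (string) $filename,
                        'user_avatar_type' => (int) $type,
                        'user_avatar_width' => (int) $width,
                        'user_avatar_height' => (int) $height
                    );
                    $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user_id;
                    $_CLASS['core_db']->sql_query($sql);

                    // Delete old avatar if present
                    if ($_CLASS['core_user']->data['user_avatar'] && $filename != $_CLASS['core_user']->data['user_avatar'] && $_CLASS['core_user']->data['user_avatar_type'] != AVATAR_GALLERY) {
                        avatar_delete($_CLASS['core_user']->data['user_avatar']);
                    }
                    $_CLASS['core_display']->meta_refresh(3, $module_link);
                    $message = $_CLASS['core_user']->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_UCP'], '<a href="' . $module_link . '">', '</a>');
                    trigger_error($message);
                }

                // Bare error codes such as 'BAD_AVATAR' are mapped to their language
                // string when one exists; anything else is left as it is.
                foreach ($error as $key => $code) {
                    if (preg_match('#^[A-Z_]+$#', $code)) {
                        $error[$key] = !empty($_CLASS['core_user']->lang[$code]) ? $_CLASS['core_user']->lang[$code] : $code;
                    }
                }
            }

            // Generate users avatar
            $avatar_img = '';
            if ($_CLASS['core_user']->data['user_avatar']) {
                switch ($_CLASS['core_user']->data['user_avatar_type']) {
                    case AVATAR_UPLOAD:
                        $avatar_img = $config['avatar_path'] . '/';
                        break;
                    case AVATAR_GALLERY:
                        $avatar_img = $config['avatar_gallery_path'] . '/';
                        break;
                }
                $avatar_img .= $_CLASS['core_user']->data['user_avatar'];
                $avatar_img = '<img src="' . $avatar_img . '" width="' . $_CLASS['core_user']->data['user_avatar_width'] . '" height="' . $_CLASS['core_user']->data['user_avatar_height'] . '" border="0" alt="" />';
            }

            $_CLASS['core_template']->assign_array(array(
                'ERROR' => empty($error) ? '' : implode('<br />', $error),
                'AVATAR' => $avatar_img,
                'AVATAR_SIZE' => $config['avatar_filesize'],
                'S_FORM_ENCTYPE' => $can_upload ? ' enctype="multipart/form-data"' : '',
                'L_AVATAR_EXPLAIN' => sprintf($_CLASS['core_user']->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024))
            ));

            if ($display_gallery && $config['allow_avatar_local']) {
                require_once $site_file_root . 'includes/functions_user.php';
                $folders = array();   // filled by avatar_gallery() (out parameter)
                $avatar_list = avatar_gallery($folder, $folders, $error);
                array_unshift($folders, '');
                $s_category_options = '';
                foreach ($folders as $cat) {
                    $s_category_options .= '<option value="' . $cat . '"' . ($cat == $folder ? ' selected="selected"' : '') . '>' . ($cat ? $cat : '--') . '</option>';
                }
                $_CLASS['core_template']->assign_array(array('S_DISPLAY_GALLERY' => true, 'S_CAT_OPTIONS' => $s_category_options));
                foreach ($avatar_list as $avatar) {
                    $_CLASS['core_template']->assign_vars_array('avatar', array(
                        'AVATAR_IMAGE' => $config['avatar_gallery_path'] . '/' . $avatar['file'],
                        'AVATAR_NAME' => $avatar['name'],
                        'AVATAR_FILE' => $avatar['file']
                    ));
                }
                unset($avatar_list);
            } else {
                $_CLASS['core_template']->assign_array(array(
                    'AVATAR' => $avatar_img,
                    'AVATAR_SIZE' => $config['avatar_filesize'],
                    'WIDTH' => $_CLASS['core_user']->data['user_avatar_width'],
                    'HEIGHT' => $_CLASS['core_user']->data['user_avatar_height'],
                    'S_CAN_UPLOAD' => $can_upload,
                    'S_LINK_AVATAR' => $config['allow_avatar_remote'],
                    'S_GALLERY_AVATAR' => $config['allow_avatar_local']
                ));
            }
            break;
    }

    // NOTE(review): $mode is not checked against the four handled values before
    // it becomes part of the template file name below; whether display() confines
    // that name to the template directory is not visible here — confirm.
    $_CLASS['core_template']->assign_array(array(
        'L_TITLE' => $_CLASS['core_user']->lang['UCP_PROFILE_' . strtoupper($mode)],
        'S_HIDDEN_FIELDS' => $s_hidden_fields,
        'S_UCP_ACTION' => $module_link
    ));
    // $this is used inside what reads as a plain function here; the enclosing
    // class, if any, is outside this chunk.
    $this->display($_CLASS['core_user']->lang['UCP_PROFILE'], 'ucp_profile_' . $mode . '.html');
}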