/**
 * Handles submission of the "request communication" form.
 *
 * As visible in this function: the back button re-opens the entry step, a
 * truthy $frm->validate("request") hands over to confirm(), and otherwise a
 * new key is generated, stored in "keys" and sent to the selected supplier
 * or customer through send_trhmsg().
 *
 * @param object $frm form object; only its validate() method is used here
 * @return mixed result of enter()/confirm(), or a status message string
 */
function request($frm)
{
    if (isset($_POST["btn_back"])) {
        return enter($frm);
    }

    if ($frm->validate("request")) {
        return confirm($frm);
    }

    $newkey = genkey();

    // Exactly one of the two ids comes from the request; the other is stored as "0".
    $custid = "0";
    $suppid = "0";
    if (isset($_REQUEST["suppid"])) {
        $suppid = $_REQUEST["suppid"];
    } else {
        $custid = $_REQUEST["custid"];
    }

    // NOTE(review): email, custid and suppid are handed on exactly as received in
    // $_REQUEST; whether m()/dbUpdate quote them is not visible here -- confirm.
    $cols = grp(
        m("introtime", raw("CURRENT_TIMESTAMP")),
        m("introip", "0.0.0.0"),
        m("email", $_REQUEST["email"]),
        m("custid", $custid),
        m("suppid", $suppid),
        m("key", dbrow("0.0.0.0/0", "", $newkey)),
        m("userid", USER_ID)
    );

    $upd = new dbUpdate("keys", "trh", $cols);
    $upd->run(DB_INSERT);

    // Nothing inserted: report the database failure and do not send a message.
    if (!($upd->affected() > 0)) {
        return "Error sending request for communication: Error updating database.";
    }

    if (isset($_REQUEST["suppid"])) {
        $party = "supp";
        $idField = "suppid";
        $sentMsg = "Sent request for communication to supplier. On response you will be notified.";
    } else {
        $party = "cust";
        $idField = "custid";
        $sentMsg = "Sent request for communication to customer. On response you will be notified.";
    }

    // send_trhmsg() signals success with boolean true; any other value is shown as the error text.
    $r = send_trhmsg($party, $_REQUEST[$idField], $_REQUEST["email"], "reqkey", $newkey);
    if ($r === true) {
        return $sentMsg;
    }

    return "Error sending request for communication: {$r}";
}
} elseif ($ch_name == false) { $fehler = $lang['namealreadyinuse']; } elseif ($email != $xemail) { $fehler = $lang['wrongemail']; } elseif ($ch_email == false) { $fehler = $lang['emailalreadyinuse']; } $tpl = new tpl('user/regist'); $tpl->set('name', $name); $tpl->set('email', $email); $tpl->set_out('FEHLER', $fehler, 1); if ($allgAr['forum_regist_user_pass'] == 1) { $tpl->out(2); } $tpl->out(3); } else { $pass = genkey(8); if (!empty($_POST['pass'])) { $pass = escape($_POST['pass'], 'string'); } user_regist($name, $email, $pass); $tpl = new tpl('user/regist'); $title = $allgAr['title'] . ' :: Users :: Registrieren :: Step 3 von 3'; $hmenu = $extented_forum_menu . '<a class="smalfont" href="?user">User</a><b> » </b><a class="smalfont" href="?user-regist">Registrieren</a><b> » </b>Step 3 von 3' . $extented_forum_menu_sufix; $design = new design($title, $hmenu, 1); $design->header(); $tpl->set_out('NAME', $name, 4); } $design->footer(); break; }
$rules .= '</table><br />'; } $rules .= '<input type="checkbox" name="rules" value="' . $lang['yes'] . '" />' . str_replace(array('<a target="_blank" href="index.php?rules">', '</a>'), '', $lang['rulzreaded']) . '<br />'; $tpl->set_out('RULES', $rules, 2); } $tpl->set('ANTISPAM', get_antispam('joinus', 100)); $tpl->out(3); } else { // eintragen $name = $xname; $userreg = $lang['no']; if (!loggedin() and $allgAr['forum_regist'] != 0) { $x = user_regist($name, $mail, genkey(8)); $userreg = $lang['yes']; } db_query("INSERT INTO `prefix_usercheck` (`check`,`name`,`datime`,`ak`,`groupid`) VALUES ('" . genkey(8) . "','" . $name . "',NOW(),4," . $squad . ")"); $squad = escape($squad, 'integer'); $abf = "SELECT `mod1`, `mod2`, `mod4`, `name` FROM `prefix_groups` WHERE `id` = " . $squad; $erg = db_query($abf); $row = db_fetch_assoc($erg); $rulz = isset($_POST['rules']) ? $_POST['rules'] : $lang['no']; $skill = $skill_ar[$skill]; // bitte in der richtigen reihenfolge angeben, sonst das nicht gehen tun, kann. $mailtxt = sprintf($lang['joinusprivmsg'], $name, $row['name'], $skill, $mail, $hometown, $age, $icqnumber, $favmap, $ground, $rulz, $userreg); // pm an den leader sendpm($_SESSION['authid'], $row['mod1'], 'Joinus Anfrage', $mailtxt, -1); // Wenn Co Leader != Leader if ($row['mod2'] != $row['mod1']) { sendpm($_SESSION['authid'], $row['mod2'], 'Joinus Anfrage', $mailtxt, -1); } if ($row['mod4'] != $row['mod1'] and $row['mod2'] != $row['mod4']) {
* @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) * @copyright (C) 2000-2010 ilch.de * @version $Id$ */ defined('main') or die('no direct access'); $title = $allgAr['title'] . ' :: Users :: Password Reminder'; $hmenu = $extented_forum_menu . '<a class="smalfont" href="?user">Users</a><b> » </b> Password Reminder' . $extented_forum_menu_sufix; $design = new design($title, $hmenu, 1); $design->header(); $show = true; if (isset($_POST['email'])) { $email = get_lower(escape($_POST['email'], 'string')); $erg = db_query("SELECT `name` FROM `prefix_user` WHERE `email` = BINARY '" . $email . "'"); if (db_num_rows($erg) == 1) { $row = db_fetch_assoc($erg); $new_pass = genkey(8); $md5_pass = md5($new_pass); $id = md5(uniqid(rand())); db_query("INSERT INTO `prefix_usercheck` (`check`,`name`,`email`,`pass`,`datime`,`ak`)\n\t\tVALUES ('" . $id . "','" . $row['name'] . "','" . $email . "','" . $md5_pass . "',NOW(),2)"); $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"]; $confirmlinktext = "\n" . $lang['registconfirm'] . "\n\n" . sprintf($lang['registconfirmlink'], $page, $id); $regmail = sprintf($lang['newpasswordmail'], $row['name'], $confirmlinktext, $new_pass); icmail($email, 'Password Reminder', $regmail); // email an user echo $lang['youhavereceivedaemail']; $show = false; } else { echo $lang['namenotfound']; } } if ($show) {
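/**
 * Registers a new user, or queues the registration for confirmation by link.
 *
 * Returns false when the lower-cased name or the lower-cased e-mail address is
 * already present in prefix_user. Otherwise the account is written either to
 * prefix_usercheck (confirmation link enabled) or directly to prefix_user, a
 * registration mail is sent with icmail(), and true is returned. The result
 * of icmail() is not checked.
 *
 * @param string $name user name as supplied by the caller
 * @param string $mail e-mail address as supplied by the caller
 * @param string $pass password to use when users may choose their own
 * @return bool false if name or e-mail is taken, true otherwise
 */
function user_regist($name, $mail, $pass)
{
    global $allgAr, $lang;

    // NOTE(review): $name and $mail are concatenated into the SQL below as given.
    // This function does no escaping of its own, so every caller has to pass
    // values that are already safe for a quoted SQL string -- confirm call sites.
    $name_clean = get_lower($name);
    $erg = db_query("SELECT `id` FROM `prefix_user` WHERE `name_clean` = BINARY '" . $name_clean . "'");
    if (db_num_rows($erg) > 0) {
        return false;
    }

    $mail = get_lower($mail);
    $erg = db_query("SELECT `id` FROM `prefix_user` WHERE `email` = BINARY '" . $mail . "'");
    if (db_num_rows($erg) > 0) {
        return false;
    }

    // The site setting decides between a generated password and the caller's one.
    if ($allgAr['forum_regist_user_pass'] == 0) {
        $new_pass = genkey(8);
    } else {
        $new_pass = $pass;
    }

    // NOTE(review): the stored value is an unsalted MD5 digest. It is left as is
    // because the login check that compares against it is not part of this
    // block; both would have to change together.
    $md5_pass = md5($new_pass);
    $confirmlinktext = '';

    // With confirmation enabled the account is parked in prefix_usercheck,
    // otherwise it is inserted into prefix_user straight away.
    if ($allgAr['forum_regist_confirm_link'] == 1) {
        // NOTE(review): HTTP_HOST is taken from the request, so the mailed link
        // follows whatever Host header was sent -- consider a configured site URL.
        $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];

        // The confirmation token keeps its 32-hex-character shape but is drawn
        // from a cryptographic random source when the runtime offers one;
        // rand()/uniqid() values are derived from the clock and a small seed.
        if (function_exists('random_bytes')) {
            $id = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $id = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            $id = md5(uniqid(rand()));
        }

        $confirmlinktext = "\n" . $lang['registconfirm'] . "\n\n" . sprintf($lang['registconfirmlink'], $page, $id);
        db_query("INSERT INTO `prefix_usercheck` (`check`,`name`,`email`,`pass`,`datime`,`ak`)\r\n\t\tVALUES ('" . $id . "','" . $name . "','" . $mail . "','" . $md5_pass . "',NOW(),1)");
    } else {
        db_query("INSERT INTO `prefix_user` (`name`,`name_clean`,`pass`,`recht`,`regist`,`llogin`,`email`,`status`,`opt_mail`,`opt_pm`)\r\n\t\tVALUES('" . $name . "','" . $name_clean . "','" . $md5_pass . "',-1,'" . time() . "','" . time() . "','" . $mail . "',1,1,1)");
        // Not read again inside this function.
        $userid = db_last_id();
    }

    // The mail body carries the clear-text password together with the optional confirm link.
    $regmail = sprintf($lang['registemail'], $name, $confirmlinktext, $mail, $new_pass);
    icmail($mail, 'Anmeldung', $regmail);

    return true;
}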
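<?php
// Issues a new id hash for the logged-in user and prints the resulting server URL.
include "common.php";
session_start();

$conn = new mysqli($host, $username, $password, $dbname);
if ($conn->connect_errno) {
    // NOTE(review): the driver's error text is sent to the browser here;
    // consider logging it and showing a generic message instead.
    die('Could not connect: ' . $conn->connect_error);
}

if (empty($_SESSION["username"])) {
    header("location: login.html");
    // header() only queues the redirect. Without stopping here the UPDATE and
    // the URL output below were still executed for requests with no session.
    exit;
}

$uname = $_SESSION["username"];
$newhash = genkey();

// NOTE(review): the WHERE value appears masked ('******') in this listing and
// $uname is not referenced by the statement as shown. Whatever value belongs
// there should be bound through a prepared statement, not interpolated.
$query = "UPDATE {$usertablename} SET idhash='{$newhash}' WHERE username='******'";
$conn->query($query);

echo "Server URL: " . $streamurl . $newhash . "<br>";
echo "<br><a href={$baseurl}/profile.php>Go back</a>";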
$uid = escape($_POST['uID'], 'integer'); $altes_recht = db_result(db_query("SELECT recht FROM prefix_user WHERE id = " . $uid), 0); $neues_recht = escape($_POST['urecht'], 'integer'); if (($neues_recht <= $_SESSION['authright'] or $altes_recht <= $_SESSION['authright']) and $_SESSION['authid'] > 1) { $changeok = false; } if ($changeok and chk_antispam('adminuser', true)) { if (isset($_POST['userdel'])) { user_remove($uid); wd('?user', 'User wurde erfolgreich gelöscht'); } else { $abf = "SELECT * FROM prefix_user WHERE id = '" . $uid . "'"; $erg = db_query($abf); $row = db_fetch_object($erg); if (isset($_POST['passw'])) { $newPass = genkey(8); $newPassHash = user_pw_crypt($newPass); icmail($row->email, 'neues Password', "Hallo\n\nDein Password wurde soeben von einem Administrator gäendert es ist nun:\n\n{$newPass}\n\nGruß der Administrator"); db_query('UPDATE `prefix_user` SET pass = "******" WHERE id = "' . escape($_POST['uID'], 'integer') . '"'); } // avatar speichern START $avatar_sql_update = ''; if (!empty($_FILES['avatarfile']['name'])) { $file_tmpe = $_FILES['avatarfile']['tmp_name']; $rile_type = ic_mime_type($_FILES['avatarfile']['tmp_name']); $file_type = $_FILES['avatarfile']['type']; $file_size = $_FILES['avatarfile']['size']; $fmsg = $lang['avatarisnopicture']; $size = @getimagesize($file_tmpe); $endar = array(1 => 'gif', 2 => 'jpg', 3 => 'png'); if (($size[2] == 1 or $size[2] == 2 or $size[2] == 3) and $size[0] > 10 and $size[1] > 10 and substr($file_type, 0, 6) == 'image/' and substr($rile_type, 0, 6) == 'image/') {
$browser = $_SERVER["HTTP_USER_AGENT"]; $protocol = isset($_SERVER["HTTPS"]) ? "https://" : "http://"; $baseref = "{$protocol}{$webname}"; $modbase = "{$docroot}/tracker"; $_SESSION["docroot"] = $docroot; $_SESSION["scriptname"] = $scriptname; $_SESSION["webname"] = $webname; $_SESSION["baseref"] = $baseref; include_once "{$docroot}/baselib/baselib.php"; include_once "{$docroot}/baselib/iconfig.php"; include_once "{$docroot}/sql/checktables.php"; include_once "{$docroot}/view.php"; // we are in $dev $dev = true; $debug = false; $rnd = genkey(6); $shandle = initi("{$docroot}", $modbase); trackhit($shandle, $webname, $scriptname, "", "", "mysqli", false, $dev); // now let's make sure all tables exist check_tables($shandle, $docroot, $debug); // now we'll make set visable css attribute based on browser $btype = !isset($_SESSION["btype"]) ? strtolower(browsertype($browser)) : $_SESSION["btype"]; $block = $btype == "msie" ? "block" : "inline"; $_SESSION["browser"] = $btype; $_SESSION["shandle"] = $shandle; $_SESSION["debug"] = $debug; // check for authentication $logstate = (isset($_SESSION["logstate"]) and $_SESSION["logstate"] == "authenticated") ? "isauth" : "unauth"; $authtitle = (isset($_SESSION["logstate"]) and $_SESSION["logstate"] == "authenticated") ? "Login Authenticated" : "You must log in for access"; $nextact = getvardata("nextact", "home", 99); $_SESSION["nextact"] = $nextact;
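/**
 * Registers a new user, or queues the registration for confirmation by link.
 *
 * Returns false when a row with the same name already exists in prefix_user;
 * the e-mail address is not checked for duplicates here. Otherwise the
 * account is written either to prefix_usercheck (confirmation link enabled)
 * or directly to prefix_user, a registration mail is sent with icmail(), and
 * true is returned. The result of icmail() is not checked.
 *
 * @param string $name user name as supplied by the caller
 * @param string $mail e-mail address as supplied by the caller
 * @param string $pass password to use when users may choose their own
 * @return bool false if the name is taken, true otherwise
 */
function user_regist($name, $mail, $pass)
{
    global $allgAr, $lang;

    # NOTE(review): $name and $mail are concatenated into the SQL below as given.
    # This function does no escaping of its own, so every caller has to pass
    # values that are already safe for a quoted SQL string -- confirm call sites.
    $erg = db_query("SELECT id FROM prefix_user WHERE name = BINARY '" . $name . "'");
    if (db_num_rows($erg) > 0) {
        return false;
    }

    # the site setting decides between a generated password and the caller's one
    if ($allgAr['forum_regist_user_pass'] == 0) {
        $new_pass = genkey(8);
    } else {
        $new_pass = $pass;
    }

    $passwordHash = user_pw_crypt($new_pass);
    $confirmlinktext = '';

    # with confirmation enabled the account is parked in prefix_usercheck,
    # otherwise it is inserted into prefix_user straight away
    if ($allgAr['forum_regist_confirm_link'] == 1) {
        # NOTE(review): HTTP_HOST is taken from the request, so the mailed link
        # follows whatever Host header was sent -- consider a configured site URL.
        $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];

        # The confirmation token keeps its 32-hex-character shape but is drawn
        # from a cryptographic random source when the runtime offers one;
        # rand()/uniqid() values are derived from the clock and a small seed.
        if (function_exists('random_bytes')) {
            $id = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $id = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            $id = md5(uniqid(rand()));
        }

        $confirmlinktext = "\n" . $lang['registconfirm'] . "\n\n" . sprintf($lang['registconfirmlink'], $page, $id);
        db_query("INSERT INTO prefix_usercheck (`check`,name,email,pass,datime,ak)\n\t\tVALUES ('" . $id . "','" . $name . "','" . $mail . "','" . $passwordHash . "',NOW(),1)");
    } else {
        db_query("INSERT INTO prefix_user (name,pass,recht,regist,llogin,email,status,opt_mail,opt_pm)\n\t\tVALUES('" . $name . "','" . $passwordHash . "',-1,'" . time() . "','" . time() . "','" . $mail . "',1,1,1)");
        # not read again inside this function
        $userid = db_last_id();
    }

    # the mail body carries the clear-text password; $name fills two placeholders
    $regmail = sprintf($lang['registemail'], $name, $confirmlinktext, $name, $new_pass);
    icmail($mail, 'Anmeldung', $regmail);

    return true;
}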
echo "Username too long"; echo "<br><a href={$baseurl}/register.html>Go back</a>"; die; } if (strlen($email) > 64) { echo "Email too long"; echo "<br><a href={$baseurl}/register.html>Go back</a>"; die; } $namequery = "SELECT username FROM {$usertablename} WHERE username = '******'"; $emailquery = "SELECT email FROM {$usertablename} WHERE email = '{$email}'"; $nameresult = $conn->query($namequery); $emailresult = $conn->query($emailquery); if (mysqli_num_rows($nameresult) >= 1) { echo "Duplicate username"; echo "<br><a href={$baseurl}/register.html>Go back</a>"; die; } if (mysqli_num_rows($emailresult) >= 1) { echo "Duplicate email"; echo "<br><a href={$baseurl}/register.html>Go back</a>"; die; } $idhash = genkey(); $query = "INSERT INTO {$usertablename} (username, email, password, idhash) VALUES ('{$username}', '{$email}', '{$password}', '{$idhash}')"; $conn->query($query); echo "Server URL: " . $streamurl . $idhash . "<br>"; echo "Play Path/Stream Key: " . $username; echo "<br><a href={$baseurl}/index.html>Main page</a>"; echo "<br><a href={$baseurl}/profile.php>User profile</a>"; die;
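/**
 * Writes freshly generated key material to a key file.
 *
 * The value returned by genkey() is joined with CRLF and written with a
 * trailing CRLF, so genkey() is expected to return an array here. The file is
 * opened in "w" mode and therefore truncated or created.
 *
 * NOTE(review): the file gets whatever mode the process umask allows and the
 * default path is relative. If this is secret key material, confirm that the
 * directory is not served by the web server and that the mode is restrictive.
 *
 * @param string $keyfile path of the key file to (over)write
 * @return void
 */
function writenewkeyfile($keyfile = "key/key.key")
{
    $h = fopen($keyfile, "w");
    if ($h === false) {
        // fopen() has already raised a warning; there is no handle to write to.
        return;
    }

    $written = fwrite($h, implode("\r\n", genkey()) . "\r\n");

    // Release the handle so the data is flushed and the descriptor is not
    // held until the end of the request.
    fclose($h);

    if ($written === false) {
        trigger_error("writenewkeyfile: could not write key file", E_USER_WARNING);
    }
}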
/**
 * Prints the top info box: the current base reference, a yes/no radio pair
 * for "Show all Styles?" and a generated key in square brackets.
 *
 * The selected radio button follows getvardata("allstylesrbtn", "no", 99).
 *
 * @return void
 */
function infobox()
{
    $stamp = genkey(5);
    $base = $_SESSION["baseref"];
    $choice = getvardata("allstylesrbtn", "no", 99);

    $yesAttr = "";
    if ($choice == "yes") {
        $yesAttr = "checked";
    }
    $noAttr = "";
    if ($choice == "no") {
        $noAttr = "checked";
    }

    // NOTE(review): $base comes from the session and is written into the page
    // without HTML escaping -- confirm it can only hold a trusted value.
    $html = "\t<div name='tbox' id='tbox' class='topbox'>\n";
    $html .= "\t\t<table border=0 cellpadding=0 cellspacing=0><tr>\n";
    $html .= "<td>activecss @ {$base}<span id='xxx'></span></td>";
    $html .= "<td> </td>";
    $html .= "<td>Show all Styles?</td>";
    $html .= "<td> </td>";
    $html .= "<td onclick=\"setallstyles('yes');\" class=\"rbtn midstyle\">Yes:<input type=radio name='allstylesrbtn' id='allstylesrbtn[yes]' value='yes' {$yesAttr}></td>";
    $html .= "<td onclick=\"setallstyles('no');\" class=\"rbtn midstyle\">No:<input type=radio name='allstylesrbtn' id='allstylesrbtn[no]' value='no' {$noAttr}></td>";
    $html .= "<td> </td>";
    $html .= "<td>[{$stamp}]</td>";
    $html .= "</tr></table>\n";
    $html .= "\t</div>\n";

    echo $html;
}
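/**
 * Resets a user's password to a generated one and mails it to the user.
 *
 * A password from genkey(8) is hashed with md5(), a statement setting it for
 * $username is run on $shandle, the clear-text password is mailed to $email,
 * and a confirmation with a "Next" button is printed.
 *
 * @param resource $shandle  MySQL link passed to mysql_query()
 * @param string   $username account whose password is reset
 * @param string   $fullnane display name used in the greeting (parameter name kept as declared)
 * @param string   $email    recipient of the reset mail
 * @return void
 */
function answered($shandle, $username, $fullnane, $email)
{
    $tpass = genkey(8);

    // NOTE(review): unsalted MD5 is what this code stores. It is left as is
    // because the login check that compares against it is not part of this block.
    $upass = md5($tpass);

    // The user name ends up inside a quoted SQL string, so it is escaped for
    // this connection before being interpolated.
    $safeUser = mysql_real_escape_string($username, $shandle);

    // NOTE(review): as shown, the statement starts at "set" -- no UPDATE keyword
    // or table name is visible, and this edit cannot supply them. Confirm the
    // statement against the real schema.
    $sql = "set password=\"{$upass}\" where username=\"{$safeUser}\"";
    $sresult = mysql_query($sql, $shandle) or die("Cannot set password, contact site admin for assistance");

    $subject = "Password reset";
    // The greeting previously read $fullname, which is never defined in this
    // function; the declared parameter is $fullnane.
    $message = "Hello {$fullnane}, your password has been reset to '{$tpass}' - please login and change your password as soon as you can.\n";
    $headers = "From: alphageek@iworkere.com";

    // NOTE(review): the new password travels in clear text by mail, and the
    // result of mail() is not checked before success is reported below.
    mail($email, $subject, $message, $headers);

    echo "Your password has been emailed to your address - please login and change your password as soon as you can<br/>\n";
    echo "<input type=button name=qbtn id=qbtn value=\"Next ->\" onclick=\"go('login');\">\n";
}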
<?php include "../../config/baselib.php"; include "../../config/config.php"; $modbase = "modules/login"; $_SESSION["modbase"] = $modbase; if (!isset($_SESSION["key"])) { session_start(); $_SESSION["key"] = genkey(10); } $key = $_SESSION["key"]; if (!isset($_SESSION["shandle"]) || $_SESSION["shandle"] == 0) { $_SESSION["shandle"] = modinit("../../"); } $nextact = getvardata("nextact", "view"); switch ($nextact) { case "view": showform(); break; case "login": dologin(); break; case "home": header("Location:./../../mobile.php"); } exit; ///////////////////////////////////////////////////////// // functions from here to eof ///////////////////////////////////////////////////////// function showform() {
$rules .= '</table><br />'; } $rules .= '<input type="checkbox" name="rules" value="' . $lang['yes'] . '" />' . str_replace(array('<a target="_blank" href="index.php?rules">', '</a>'), '', $lang['rulzreaded']) . '<br />'; $tpl->set_out('RULES', $rules, 2); } $tpl->set('ANTISPAM', get_antispam('joinus', 100)); $tpl->out(3); } else { # eintragen $name = $xname; $userreg = $lang['no']; if (!loggedin() and $allgAr['forum_regist'] != 0) { $x = user_regist($name, $mail, genkey(8)); $userreg = $lang['yes']; } db_query("INSERT INTO prefix_usercheck (`check`,name,datime,ak,groupid) VALUES ('" . genkey(8) . "','" . $name . "',NOW(),4,{$squad})"); $squad = escape($squad, 'integer'); $abf = "SELECT `mod1`, `mod2`, `mod4`, name FROM prefix_groups WHERE id = " . $squad; $erg = db_query($abf); $row = db_fetch_assoc($erg); $rulz = isset($_POST['rules']) ? $_POST['rules'] : $lang['no']; $skill = $skill_ar[$skill]; # bitte in der richtigen reihenfolge angeben, sonst das nicht gehen tun, kann. $mailtxt = sprintf($lang['joinusprivmsg'], $name, $row['name'], $skill, $mail, $hometown, $age, $icqnumber, $favmap, $ground, $rulz, $userreg); # pm an den leader sendpm($_SESSION['authid'], $row['mod1'], 'Joinus Anfrage', $mailtxt, -1); # Wenn Co Leader != Leader if ($row['mod2'] != $row['mod1']) { sendpm($_SESSION['authid'], $row['mod2'], 'Joinus Anfrage', $mailtxt, -1); } if ($row['mod4'] != $row['mod1'] and $row['mod2'] != $row['mod4']) {
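/**
 * Handles a new key request taken from an incoming message.
 *
 * The standard fields are read with msg_std(), the sending company is looked
 * up as supplier or customer, and the request is ignored when a row with the
 * same party id and send key already exists. Otherwise a receive key is
 * generated, stored in "keys" and returned to the sender via send_trhmsg().
 *
 * @param string $key send key supplied with the request
 * @param clsMailMsg $oMSG message the request was read from
 * @param array $config configuration; "MANAGEUSER" is read here
 * @return bool false when the request is rejected or ignored, otherwise the result of send_trhmsg()
 */
function request_new($key, $oMSG, $config)
{
    if (($stds = msg_std($oMSG)) === false) {
        return false;
    }

    list($compname, $ipaddr, $bustel, $fromwho, $email) = $stds;

    /* $fromwho comes out of the message and is used below to build a column
       name, so only the two values this function knows about may pass */
    if ($fromwho !== "supp" && $fromwho !== "cust") {
        print "---> UNKNOWN SENDER TYPE, ignoring\n";
        return false;
    }

    /* locate customer/supplier */
    if ($fromwho === "supp") {
        $suppid = locateSupplier($compname);
        $custid = 0;
        $partyid = $suppid;
    } else {
        $custid = locateCustomer($compname);
        $suppid = 0;
        $partyid = $custid;
    }

    print "name: {$compname}\n";
    print "ipaddr: {$ipaddr}\n";
    print "bustel: {$bustel}\n";
    print "fromwho: {$fromwho}\n";
    print "custid: {$custid}\n";
    print "suppid: {$suppid}\n";

    /* check if company name and key is in list */
    /* NOTE(review): $key is placed into the WHERE text as received; whether
       dbSelect/m() quote it is not visible here -- confirm, or escape it first */
    $qry = new dbSelect("keys", "trh", grp(
        m("cols", "1"),
        m("where", "{$fromwho}id='" . $partyid . "' AND (key).send_key='{$key}'")
    ));
    $qry->run();
    $exists = $qry->num_rows() > 0;
    /* release the result on both paths, not only when the key is new */
    $qry->free();

    if ($exists) {
        print "---> KEY EXISTS, ignoring\n";
        return false;
    }

    print "from email: {$email}\n";

    /* generate a key for receiving for client */
    $newkey = genkey();

    /* add new key to system */
    $cols = grp(
        m("userid", $config["MANAGEUSER"]),
        m("introtime", raw("CURRENT_TIMESTAMP")),
        m("introip", $ipaddr),
        m("email", $email),
        m("compname", $compname),
        m("bustel", $bustel),
        m("custid", $custid),
        m("suppid", $suppid),
        m("key", dbrow("0.0.0.0/0", $key, $newkey))
    );
    $upd = new dbUpdate("keys", "trh", $cols);
    $upd->run(DB_INSERT);
    $upd->free();

    /* NOTE(review): one of $custid/$suppid is always set to 0 above, so this
       condition cannot hold as written and the notification below is never
       sent. If the locate functions report an unknown company with -1, the
       test probably needs "||" -- confirm before changing, because requests
       from such senders are currently answered with a key. */
    if ($custid == -1 && $suppid == -1) {
        $desc = $fromwho == "supp" ? "supplier" : "customer";
        $userinfo = qryUsers($config["MANAGEUSER"]);
        msgSend($userinfo["username"], "Unknown {$desc} requested Transheks communication. \n\t\t\tClick <a target='mainframe' href=\"../transheks/commapprove.php\">here</a> to view.");
        return false;
    }

    /* send response */
    return send_trhmsg($fromwho, $partyid, $email, "rspkey", "{$newkey}", $config);
}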