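<?php

require '../include/core/common.php';
$ui_options['menu_path'] = array('installningar', 'avregistrera');
$ui_options['stylesheets'][] = 'rounded_corners_tabs.css';
// Only a logged-in user may reach the account-removal page; anyone else is sent to the start page.
if (login_checklogin() != 1) {
    header('location: /?rm=1');
    die;
}
// Second step: the form below posts back to ?verify=1 together with the user's password.
if (isset($_GET['verify']) && (string) $_GET['verify'] === '1') {
    $password_input = isset($_POST['password']) ? (string) $_POST['password'] : '';
    $submitted_hash = (string) hamsterpaj_password(utf8_decode($password_input));
    // hash_equals() compares the two hashes in constant time; both operands must be strings.
    if (hash_equals((string) $_SESSION['login']['password'], $submitted_hash)) {
        login_remove_user($_SESSION['login']['id'], 'Avregistrerade sig');
        header('Location: /index.php');
        die;
    } else {
        echo '<script>alert(\'Fel lösenord!\');</script>';
    }
}
ui_top($ui_options);
// NOTE(review): $output is appended to here and at the bottom but never echoed in this
// script, so the rounded-corner tab markup does not reach the page -- confirm whether
// these two lines were meant to be echo statements.
$output .= rounded_corners_tabs_top();
echo '<h1 style="margin-top: 0;">Avregistrering</h1>';
echo '<p>Det finns möjligheten att ta bort sig från hamsterpaj. Trycker du på "Ta bort mig" här nedan finns ingen återvändo!</p>';
// PHP_SELF reflects the requested path, so it is HTML-escaped before it is put into the attribute.
echo '<form method="POST" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE) . '?verify=1"';
echo ' onsubmit="return confirm(\'Du är på väg att ta bort dig från hamsterpaj.net Vill du fortsätta?\');">';
echo 'Skriv in ditt lösenord för att ta bort ditt konto:<br />';
echo '<input type="password" name="password" class="textbox"><br />';
echo '<br /><input type="submit" value="Ta bort mig" class="button_90">';
echo '</form>';
$output .= rounded_corners_tabs_bottom();
ui_bottom();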
            $newdata['traffa']['firstname'] = htmlspecialchars($_POST['firstname']);
            $newdata['userinfo']['gbrss'] = $_POST['gbrss'];
            $newdata['preferences']['gb_anti_p12'] = $_POST['gb_anti_p12'] == 0 ? 'off' : 'on';
            break;
        case 'password':
            if (hamsterpaj_password(utf8_decode($_POST['password_old'])) != $_SESSION['login']['password']) {
                jscript_alert('Det där går inte, du måste skriva in ditt nuvarande lösenord, annars funkar inte skiten. Seså, gör om gör rätt!');
                jscript_go_back();
                exit;
            }
            if ($_POST['password_new'] != $_POST['password_verify']) {
                jscript_alert('"Nytt lösenord" och "Upprepa nytt lösenord" måste ju vara samma, annars funkar det ju inte :(');
                jscript_go_back();
                exit;
            }
            $newdata['login']['password'] = hamsterpaj_password(utf8_decode($_POST['password_new']));
            break;
    }
    login_save_user_data($_SESSION['login']['id'], $newdata);
    session_merge($newdata);
    jscript_alert('Ändrat, fixat och donat :)');
    jscript_location($_SERVER['PHP_SELF']);
}
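// Theme switch posted from the settings page: the theme name is written to the
// user's userinfo row and mirrored into the session so the current page can use it.
if (isset($_POST['action']) && (string) $_POST['action'] === 'profile_theme') {
    $requested_theme = isset($_POST['theme']) ? (string) $_POST['theme'] : '';
    // Both values are escaped before interpolation; the theme name is user input and
    // previously went into the query unescaped.
    $theme_sql = mysql_real_escape_string($requested_theme);
    $session_user_id_sql = mysql_real_escape_string((string) $_SESSION['login']['id']);
    $query = 'UPDATE userinfo SET profile_theme = "' . $theme_sql . '" WHERE userid = "' . $session_user_id_sql . '" LIMIT 1';
    mysql_query($query) or report_sql_error($query);
    // NOTE(review): the theme name is stored as given; if it is later used to build a
    // stylesheet path or markup, validate it against the known theme names here -- confirm.
    $_SESSION['userinfo']['profile_theme'] = $requested_theme;
}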
/* Frivillig information */
$out .= '<a name="optional_info"></a>';
$out .= rounded_corners_tabs_top($void, true);
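/**
 * Logs a user in and fills $_SESSION with the data the rest of the site reads.
 *
 * @param array $options 'method' is required: 'ghost' (needs 'username') or
 *                       'username_and_password' (needs 'username' and 'password';
 *                       the password is run through utf8_decode() before use).
 *
 * @throws Exception when the method is missing or unknown, when a required option
 *                   is missing, when the username is the reserved "borttagen", or
 *                   when no active (is_removed = 0) account matches. For the
 *                   password method the failure message is HTML meant for display,
 *                   and an account still on password_version 3 gets a separate
 *                   message pointing to the renewal page.
 *
 * Side effects on success: $_SESSION is merged with the login/userinfo/preferences/
 * traffa columns listed below plus guestbook, group, friend, visitor, privilege and
 * forum-visit data; for non-ghost logins the login row's lastlogon/lastip/session_id
 * are updated and event_log_log() is called; a login_log row is always inserted.
 */
function login_dologin($options)
{
    if (!isset($options['method'])) {
        throw new Exception('No login method specified.');
    }
    if (isset($options['username']) && strtolower($options['username']) == 'borttagen') {
        header('Location: http://disneyworld.disney.go.com/wdw/index?bhcp=1');
        throw new Exception('Username CANNOT be "borttagen"!');
    }
    $query = 'SELECT id FROM login WHERE is_removed = 0';
    switch ($options['method']) {
        case 'ghost':
            if (isset($options['username'])) {
                $query .= ' AND username = "******"';
            } else {
                throw new Exception('No username was set!');
            }
            break;
        case 'username_and_password':
            if (isset($options['username']) && isset($options['password'])) {
                $options['password'] = utf8_decode($options['password']);
                $query .= ' AND password_version = 4 AND username = "******" AND password = "******"';
            } else {
                throw new Exception('No username or password was set!');
            }
            break;
        default:
            throw new Exception('Invalid login method.');
    }
    $query .= ' LIMIT 1';
    $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    if (mysql_num_rows($result) > 0) {
        $data = mysql_fetch_assoc($result);
        $user_id = $data['id'];
        // * Fetch neccessary data from login, userinfo, preferences and traffa-tables and unserialize...
        $_SESSION = array_merge($_SESSION, login_load_user_data($user_id, array('login' => array('id', 'lastlogon', 'username', 'password', 'userlevel', 'regtimestamp', 'lastusernamechange', 'session_id', 'lastaction', 'lastip', 'regip', 'quality_level', 'quality_level_expire'), 'userinfo' => array('contact1', 'contact2', 'gender', 'birthday', 'image', 'image_ban_expire', 'forum_signature', 'zip_code', 'forum_quality_rank', 'parlino_activated', 'cell_phone', 'firstname', 'surname', 'email', 'streetaddress', 'msn', 'visible_level', 'phone_ov', 'user_status', 'gbrss'), 'preferences' => array('bubblemessage_visitors', 'allow_hotmessages', 'activate_current_action', 'enable_hetluft', 'randomizer', 'left_login_module', 'enable_shoutbox', 'module_states', 'module_order', 'forum_enable_smilies', 'forum_subscribe_on_create', 'forum_subscribe_on_post', 'gb_anti_p12'), 'traffa' => array('firstname', 'profile_modules')), __FILE__, __LINE__));
        // NOTE(review): module_states/module_order are stored serialized in the preferences
        // table; unserialize() on them is only safe as long as nothing user-controlled can be
        // written to those columns unserialized -- confirm at the write sites.
        $_SESSION['module_states'] = unserialize($_SESSION['preferences']['module_states']);
        $_SESSION['module_order'] = unserialize($_SESSION['preferences']['module_order']);
        //$_SESSION['preferences']['forum_favourite_categories'] = unserialize($_SESSION['preferences']['forum_favourite_categories']);
        // * Update fields in logon related to the login...
        if ($options['method'] != 'ghost') {
            // Keep the lastlogon value that was just loaded from the database: it is
            // overwritten below, and the "first login today" check needs the old one.
            $previous_logon = (int) $_SESSION['login']['lastlogon'];
            $login_time = time();
            $query = 'UPDATE login SET lastlogon = ' . $login_time . ', lastip = "' . $_SERVER['REMOTE_ADDR'] . '", session_id = "' . session_id() . '" WHERE id = "' . $user_id . '" LIMIT 1';
            mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
            $_SESSION['login']['lastlogon'] = $login_time;
            $_SESSION['login']['lastip'] = $_SERVER['REMOTE_ADDR'];
            $_SESSION['login']['session_id'] = session_id();
            event_log_log('user_log_on');
            // The previous version compared the value assigned a few lines above (now) with
            // today's midnight, which can never be true, so this event was never logged.
            if ($previous_logon < strtotime(date('Y-m-d'))) {
                event_log_log('user_unique_log_on');
            }
        }
        // * Set some special/initial parametrers...
        $_SESSION['cache']['lastupdate'] = 0;
        switch ($options['method']) {
            case 'ghost':
                $_SESSION['ghost'] = true;
                break;
            case 'username_and_password':
                $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
                $_SESSION['login']['lastlogon'] = time();
                break;
        }
        // * Fetch guestbook notices...
        $guestbook_query = 'SELECT COUNT(id) AS unread FROM traffa_guestbooks WHERE recipient = ' . $user_id . ' AND `read` =  0 AND deleted = 0';
        $guestbook_result = mysql_query($guestbook_query) or report_sql_error($guestbook_query, __FILE__, __LINE__);
        $guestbook_data = mysql_fetch_assoc($guestbook_result);
        $_SESSION['notices']['unread_gb_entries'] = $guestbook_data['unread'];
        // * Fetch group notices...
        $_SESSION = array_merge($_SESSION, login_load_group_data($user_id, array('groups_members' => array('groupid'))));
        // * Fetch friends notices...
        $_SESSION['friends'] = friends_fetch_online_smart(array('user_id' => $user_id));
        // * Fetch visitors from "my visitors"
        $query = 'SELECT DISTINCT(uel.remote_user_id) AS id, uel.timestamp, l.username';
        $query .= ' FROM user_event_log AS uel, login AS l, userinfo AS u';
        $query .= ' WHERE uel.action = "profile_visit" AND uel.user = "******" AND l.id = uel.remote_user_id AND (u.image = 1 OR u.image = 2) AND u.userid = uel.remote_user_id';
        $query .= ' GROUP BY uel.remote_user_id ORDER BY timestamp DESC LIMIT 8';
        $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        $_SESSION['visitors_with_image'] = array();
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['visitors_with_image'][] = $data;
        }
        // * Fetch privilegies...
        // NOTE(review): unlike every other query here this one has no report_sql_error()
        // fallback, so a failure only shows up as a warning from mysql_fetch_assoc(false).
        $query = 'SELECT privilegie, value FROM privilegies WHERE user = "******"';
        $result = mysql_query($query);
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['privilegies'][$data['privilegie']][is_numeric($data['value']) ? intval($data['value']) : $data['value']] = true;
        }
        // * Log the logon to the database...
        $query = 'INSERT INTO login_log (user_id, logon_time, impressions, ip, ghost)';
        $query .= ' VALUES(' . $user_id . ', ' . time() . ', 0, ' . ip2long($_SERVER['REMOTE_ADDR']) . ', "' . ($options['method'] == 'ghost' ? 'YES' : 'NO') . '")';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        // * Cache some info about the users visits to categories. This is used to calculate new threads and category-subscriptions
        $query = 'SELECT * FROM forum_category_visits WHERE user_id = "' . $user_id . '"';
        $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['forum']['categories'][$data['category_id']] = $data;
        }
    } else {
        if ($options['method'] == 'username_and_password') {
            // No version-4 match: check whether the account still uses the old scheme so
            // the user can be pointed at the renewal page instead of a plain failure.
            $query = 'SELECT id FROM login WHERE password_version = 3 AND username = "******" AND password = "******" LIMIT 1';
            $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
            if (mysql_num_rows($result) == 1) {
                throw new Exception('<h2>Du använder ett lösenord baserat på det gamla lösenordssystemet. Av säkerhetsskäl måste du byta, det gör du <a href="/installningar/renew_password.php" style="font-weight: bold">på den här sidan &raquo;</a></h2>');
            } else {
                throw new Exception('Det gick inte att logga in med de uppgifter du angav. Detta beror antingen på att du inte angivit korrekt användarnamn och lösenord, eller att användarnamnet inte finns.<br /><br />Har du glömt ditt lösenord? Då finns det inte mycket att göra :(');
            }
        } else {
            throw new Exception('Login failed: User not found or password incorrect.');
        }
    }
}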
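<?php

require_once '../include/core/common.php';
// The upload is gated twice: the posted password must hash to $holger_valid_hash
// (expected to come from common.php; it is not defined in this file), and the
// request must come from one fixed address.
$password_input = isset($_POST['password']) ? (string) $_POST['password'] : '';
$password_hash = hamsterpaj_password($password_input);
// Constant-time comparison; both operands are cast because hash_equals() needs strings.
if (!hash_equals((string) $holger_valid_hash, (string) $password_hash)) {
    die('Uppblåst kattfisk!? Ut ur mitt hus fulhackare! *slå med räfsa*');
}
if ('66.246.76.59' === $_SERVER['REMOTE_ADDR']) {
    // basename() drops any directory part of the posted name so the write cannot
    // leave the target folder; '.' and '..' are refused for the same reason.
    $file = basename(isset($_POST['file']) ? (string) $_POST['file'] : '');
    $data = base64_decode(isset($_POST['data']) ? (string) $_POST['data'] : '');
    if ($file !== '' && $file !== '.' && $file !== '..') {
        file_put_contents('/mnt/images/radio/hardjavlahamster/' . $file, $data);
    }
}
?>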
 
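/**
 * Checks a plaintext password against a stored hash for the given hashing scheme.
 *
 * @param mixed  $userid           Not used here; kept so existing callers keep working.
 * @param string $password_hash    Hash as stored for the account.
 * @param string $password         Plaintext password as submitted.
 * @param int    $password_version 4 selects hamsterpaj_password(); any other value the
 *                                 older sha1(password . PASSWORD_SALT) scheme.
 *
 * @return bool true when the recomputed hash equals the stored one.
 */
function login_validate_password($userid, $password_hash, $password, $password_version)
{
    // Loose comparison kept on purpose: the original switch matched "4" as well as 4.
    if ($password_version == 4) {
        $password_input_hashed = hamsterpaj_password($password);
    } else {
        $password_input_hashed = sha1($password . PASSWORD_SALT);
    }
    // hash_equals() runs in constant time, so the comparison does not leak how many
    // leading bytes of the hash matched; a length mismatch is simply false.
    return hash_equals((string) $password_hash, (string) $password_input_hashed);
}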
     echo 'Serialized data string: (Note: DO NOT convert untrusted data)' . '<form>' . '<input type="hidden" name="page" value="encoders_decoders" />' . '<input type="hidden" name="type" value="serialize2preint_r" />' . '<textarea name="data"></textarea>' . '<input type="submit" value="Convert" />' . '</form>';
 }
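 // One form per tool; $type and $go_back are set further up in this file (outside this section).
 echo '<h3>Hash calculators</h3>' . "\n";
 if ($type === 'md5' && isset($_POST['data'])) {
     echo md5($_POST['data']) . $go_back;
 } else {
     echo 'MD5:' . '<form method="post" action="?page=encoders_decoders&type=md5">' . '<input type="text" name="data" />' . '<input type="submit" value="Convert" />' . '</form>';
 }
 if ($type === 'sha1' && isset($_POST['data'])) {
     echo sha1($_POST['data']) . $go_back;
 } else {
     echo 'SHA1:' . '<form method="post" action="?page=encoders_decoders&type=sha1">' . '<input type="text" name="data" />' . '<input type="submit" value="Convert" />' . '</form>';
 }
 if ($type === 'hamsterpaj_password_hash' && isset($_POST['data'], $_POST['data_do_not_show'])) {
     // The password-type field wins when it was filled in. Compared against '' rather
     // than with empty() so that a value of "0" is not silently ignored.
     $data = $_POST['data_do_not_show'] === '' ? $_POST['data'] : $_POST['data_do_not_show'];
     // NOTE(review): this exposes the site's password hashing to whoever can load this
     // page; confirm the page is only reachable by administrators.
     echo hamsterpaj_password(utf8_decode($data)) . $go_back;
 } else {
     echo 'Hamsterpaj password hash:' . '<form method="post" action="?page=encoders_decoders&type=hamsterpaj_password_hash">' . '<input type="text" name="data" />' . ' (OR leave blank and use &lt;input type="password"&gt;: <input type="password" name="data_do_not_show" /> )' . ' <input type="submit" value="Convert" />' . '</form>';
 }
 if ($type === 'base64encode' && isset($_GET['data'])) {
     echo base64_encode($_GET['data']) . $go_back;
 } else {
     echo 'Base64encode:' . '<form>' . '<input type="hidden" name="page" value="encoders_decoders" />' . '<input type="hidden" name="type" value="base64encode" />' . '<input type="text" name="data" />' . '<input type="submit" value="Convert" />' . '</form>';
 }
 if ($type === 'base64decode' && isset($_GET['data'])) {
     // The decoded bytes are arbitrary user-supplied content and were echoed raw into
     // the page (reflected XSS); escape them for the HTML context. ENT_SUBSTITUTE keeps
     // the output non-empty when the decoded data is not valid UTF-8.
     echo htmlspecialchars(base64_decode($_GET['data']), ENT_QUOTES | ENT_SUBSTITUTE) . $go_back;
 } else {
     echo 'Base64decode:' . '<form>' . '<input type="hidden" name="page" value="encoders_decoders" />' . '<input type="hidden" name="type" value="base64decode" />' . '<input type="text" name="data" />' . '<input type="submit" value="Convert" />' . '</form>';
 }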
 if ($type == 'timestamp2readable' && isset($_GET['timestamp']) && is_numeric($_GET['timestamp'])) {
     echo date('Y-m-d H:i:s', $_GET['timestamp']) . $go_back;
}
// Registration is for visitors who are not logged in: a logged-in user is told so,
// the page footer is rendered, and the script stops here.
$already_logged_in = (bool) login_checklogin();
if ($already_logged_in) {
    print '<h1>Du kan inte skapa en ny användare när du redan är inloggad!</h1>';
    ui_bottom();
    exit();
}
if (isset($_POST['username'])) {
    $data_ok = register_check($_POST);
    if ($data_ok !== true) {
        regform_header_fail();
        register_form($_POST, $data_ok);
    } else {
        event_log_log('classic_reg_form_sign_up');
        /* Input from user is OK, create rows in required tables */
        $query = 'INSERT INTO login(username, password, regtimestamp, regip, lastlogon) ';
        $query .= 'VALUES ("' . $_POST['username'] . '", "' . hamsterpaj_password(utf8_decode($_POST['password'])) . '", "';
        $query .= time() . '", "' . $_SERVER['REMOTE_ADDR'] . '", "")';
        mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        $user_id = mysql_insert_id();
        $query = 'INSERT INTO userinfo (userid) VALUES ("' . $user_id . '")';
        mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        $query = 'INSERT INTO traffa (userid) VALUES ("' . $user_id . '")';
        mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        $query = 'INSERT INTO preferences (userid) VALUES ("' . $user_id . '")';
        mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        /* Rows created, log on the user */
        try {
            login_dologin(array('username' => $_POST['username'], 'password' => $_POST['password'], 'method' => 'username_and_password'));
            /* Redirect to welcome page asking the user for more information */
            jscript_alert('Du kan numera känna dig som en riktig Hamsterpajare!\\nVi loggar in dig på ditt konto nu.');
            jscript_location('/registered.php');
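<?php

require 'include/core/common.php';
// Debug helper restricted to the "igotgodmode" privilege: it prints both hash schemes
// for the value in ?kaka= and then the site-wide PASSWORD_SALT itself.
if (!is_privilegied('igotgodmode')) {
    die;
}
// A missing ?kaka= hashes the empty string instead of raising an undefined-index notice.
$kaka = utf8_decode(isset($_GET['kaka']) ? (string) $_GET['kaka'] : '');
echo hamsterpaj_password($kaka) . '<hr>';
echo sha1($kaka . PASSWORD_SALT) . '<hr>';
// NOTE(review): this shows the salt to every privileged session that loads the page;
// confirm that is acceptable for a production deployment.
echo PASSWORD_SALT;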
require '../include/core/common.php';
ui_top();
// "borttagen" is the reserved username the login code refuses as well; a renewal
// request for it is rejected before anything else happens.
$requested_username = isset($_POST['username']) ? strtolower($_POST['username']) : null;
if ($requested_username === 'borttagen') {
    die('Men gå och lägg dig jävla tomte.');
}
if (login_checklogin()) {
    jscript_location('/traffa/index.php');
} else {
    if (isset($_POST['username'], $_POST['old_password'], $_POST['new_password'], $_POST['new_password_repeat'])) {
        if ($_POST['new_password'] == $_POST['new_password_repeat']) {
            if ($_POST['new_password'] != $_POST['old_password']) {
                $query = 'SELECT id FROM login WHERE password_version = 3 AND username = "******" AND password = "******" LIMIT 1';
                $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
                if (mysql_num_rows($result) == 1) {
                    $data = mysql_fetch_assoc($result);
                    $query = 'UPDATE login SET password_version = 4, password = "******" WHERE id = ' . $data['id'];
                    mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
                    echo 'Det där gick ju bra, logga in där uppe nu tjockis!';
                } else {
                    echo 'Användaren hittades inte eller så var <i>det gamla lösenordet<i> inte rätt.';
                }
            } else {
                echo 'Du måste ange ett nytt lösenord. Och lösenordssäkerhet är inte något fjolligt "kanel" som lösenord - det är STORA och små bokstäver blandat med s1ffr0r och krum€|ur€r.';
            }
        } else {
            echo 'Lösenorden stämmde inte överens med varandra :/. Försök igen.';
        }
    } else {
        // Fulkod? JAG BRYR MIG FAN INTE SÅHÄR DAGS!
        ?>
			<h1>Förnya lösenord</h1>