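<?php
// Account removal page ("Avregistrering"): a logged-in user re-enters their
// password and, if it matches the session's stored hash, is removed via
// login_remove_user(). All helpers come from include/core/common.php.
require '../include/core/common.php';

$ui_options['menu_path'] = array('installningar', 'avregistrera');
$ui_options['stylesheets'][] = 'rounded_corners_tabs.css';

// Only logged-in users may reach this page; everyone else goes back to the start page.
if (login_checklogin() != 1) {
    header('location: /?rm=1');
    die;
}

// Removal is irreversible and state-changing; the password re-check below is the
// only guard visible in this file.
// NOTE(review): no CSRF token is checked on this form -- confirm common.php/ui_top
// provide one, otherwise add one to the form and verify it here.
if (isset($_GET['verify']) && $_GET['verify'] == 1) {
    $stored_hash = isset($_SESSION['login']['password']) ? (string) $_SESSION['login']['password'] : '';
    $submitted_hash = isset($_POST['password'])
        ? (string) hamsterpaj_password(utf8_decode($_POST['password']))
        : '';
    // Strict comparison of the two hash strings. The previous loose `==` is subject to
    // PHP's numeric-string coercion (hashes of the form "0e123..." compare equal), and a
    // missing password must never match anything. hash_equals() (PHP >= 5.6) also avoids
    // a timing side channel; fall back to === where it is not available.
    $password_ok = $stored_hash !== '' && $submitted_hash !== ''
        && (function_exists('hash_equals')
            ? hash_equals($stored_hash, $submitted_hash)
            : $stored_hash === $submitted_hash);
    if ($password_ok) {
        login_remove_user($_SESSION['login']['id'], 'Avregistrerade sig');
        header('Location: /index.php');
        die;
    } else {
        echo '<script>alert(\'Fel lösenord!\');</script>';
    }
}

ui_top($ui_options);

// $output was previously appended to without being initialised (a notice under
// error reporting). NOTE(review): nothing in this file echoes $output -- confirm
// ui_bottom()/common.php print it, otherwise the tab chrome never renders.
if (!isset($output)) {
    $output = '';
}
$output .= rounded_corners_tabs_top();

echo '<h1 style="margin-top: 0;">Avregistrering</h1>';
echo '<p>Det finns möjligheten att ta bort sig från hamsterpaj. Trycker du på "Ta bort mig" här nedan finns ingen återvändo!</p>';

// PHP_SELF can carry attacker-supplied PATH_INFO; it must be escaped before being
// placed inside an HTML attribute (otherwise this is a reflected XSS sink).
$form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . '?verify=1';
echo '<form method="POST" action="' . $form_action . '"';
echo ' onsubmit="return confirm(\'Du är på väg att ta bort dig från hamsterpaj.net Vill du fortsätta?\');">';
echo 'Skriv in ditt lösenord för att ta bort ditt konto:<br />';
echo '<input type="password" name="password" class="textbox"><br />';
echo '<br /><input type="submit" value="Ta bort mig" class="button_90">';
echo '</form>';

$output .= rounded_corners_tabs_bottom();
ui_bottom();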
$newdata['traffa']['firstname'] = htmlspecialchars($_POST['firstname']); $newdata['userinfo']['gbrss'] = $_POST['gbrss']; $newdata['preferences']['gb_anti_p12'] = $_POST['gb_anti_p12'] == 0 ? 'off' : 'on'; break; case 'password': if (hamsterpaj_password(utf8_decode($_POST['password_old'])) != $_SESSION['login']['password']) { jscript_alert('Det där går inte, du måste skriva in ditt nuvarande lösenord, annars funkar inte skiten. Seså, gör om gör rätt!'); jscript_go_back(); exit; } if ($_POST['password_new'] != $_POST['password_verify']) { jscript_alert('"Nytt lösenord" och "Upprepa nytt lösenord" måste ju vara samma, annars funkar det ju inte :('); jscript_go_back(); exit; } $newdata['login']['password'] = hamsterpaj_password(utf8_decode($_POST['password_new'])); break; } login_save_user_data($_SESSION['login']['id'], $newdata); session_merge($newdata); jscript_alert('Ändrat, fixat och donat :)'); jscript_location($_SERVER['PHP_SELF']); } if ($_POST['action'] == 'profile_theme') { $query = 'UPDATE userinfo SET profile_theme = "' . $_POST['theme'] . '" WHERE userid = "' . $_SESSION['login']['id'] . '" LIMIT 1'; mysql_query($query) or report_sql_error($query); $_SESSION['userinfo']['profile_theme'] = $_POST['theme']; } /* Frivillig information */ $out .= '<a name="optional_info"></a>'; $out .= rounded_corners_tabs_top($void, true);
/**
 * Log a user in and populate $_SESSION with their account, notice and privilege data.
 *
 * @param array $options  'method' => 'ghost' (the login row is selected by username
 *                        alone; no password is checked in this function) or
 *                        'username_and_password'; 'username' and, for the latter
 *                        method, 'password' as submitted by the user.
 * @return void
 * @throws Exception when the method or the required username/password is missing,
 *                   when the username is the reserved "borttagen", and when no
 *                   matching login row exists (those messages are HTML intended for
 *                   display to the user).
 *
 * Side effects: merges user data into $_SESSION, updates the user's login row
 * (lastlogon, lastip, session_id) for non-ghost logins, inserts a login_log row,
 * records events via event_log_log(), and sends a redirect header for "borttagen".
 *
 * NOTE(review): the `******` placeholders in the SQL strings below appear to be
 * redactions in this listing. Whatever is interpolated there is request-controlled
 * (username/password), so it must be SQL-escaped; confirm against the real source.
 * NOTE(review): no session id regeneration is visible in this function after a
 * successful credential check -- confirm the caller does it, otherwise a session
 * fixed before login stays valid afterwards.
 */
function login_dologin($options) {
    if (!isset($options['method'])) {
        throw new Exception('No login method specified.');
    }
    // "borttagen" ("removed") is the placeholder name for deleted accounts; it may
    // never be logged into. The redirect header is sent before the exception.
    if (isset($options['username']) && strtolower($options['username']) == 'borttagen') {
        header('Location: http://disneyworld.disney.go.com/wdw/index?bhcp=1');
        throw new Exception('Username CANNOT be "borttagen"!');
    }
    // Base lookup; removed accounts are excluded regardless of method.
    $query = 'SELECT id FROM login WHERE is_removed = 0';
    switch ($options['method']) {
        case 'ghost':
            if (isset($options['username'])) {
                $query .= ' AND username = "******"';
            } else {
                throw new Exception('No username was set!');
            }
            break;
        case 'username_and_password':
            if (isset($options['username']) && isset($options['password'])) {
                // Passwords are hashed from their latin-1 byte form, hence the decode.
                $options['password'] = utf8_decode($options['password']);
                // Only password_version 4 hashes can log in here; version 3 users are
                // redirected to the renewal page in the else-branch further down.
                $query .= ' AND password_version = 4 AND username = "******" AND password = "******"';
            } else {
                throw new Exception('No username or password was set!');
            }
            break;
        default:
            throw new Exception('Invalid login method.');
    }
    $query .= ' LIMIT 1';
    $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    if (mysql_num_rows($result) > 0) {
        $data = mysql_fetch_assoc($result);
        $user_id = $data['id'];
        // * Fetch necessary data from login, userinfo, preferences and traffa-tables and unserialize...
        $_SESSION = array_merge($_SESSION, login_load_user_data($user_id, array('login' => array('id', 'lastlogon', 'username', 'password', 'userlevel', 'regtimestamp', 'lastusernamechange', 'session_id', 'lastaction', 'lastip', 'regip', 'quality_level', 'quality_level_expire'), 'userinfo' => array('contact1', 'contact2', 'gender', 'birthday', 'image', 'image_ban_expire', 'forum_signature', 'zip_code', 'forum_quality_rank', 'parlino_activated', 'cell_phone', 'firstname', 'surname', 'email', 'streetaddress', 'msn', 'visible_level', 'phone_ov', 'user_status', 'gbrss'), 'preferences' => array('bubblemessage_visitors', 'allow_hotmessages', 'activate_current_action', 'enable_hetluft', 'randomizer', 'left_login_module', 'enable_shoutbox', 'module_states', 'module_order', 'forum_enable_smilies', 'forum_subscribe_on_create', 'forum_subscribe_on_post', 'gb_anti_p12'), 'traffa' => array('firstname', 'profile_modules')), __FILE__, __LINE__));
        // NOTE(review): unserialize() on values read from the database. This is safe only
        // as long as these columns are written exclusively by the application's own
        // serialize() calls -- confirm no other path (imports, admin tools) can set them.
        $_SESSION['module_states'] = unserialize($_SESSION['preferences']['module_states']);
        $_SESSION['module_order'] = unserialize($_SESSION['preferences']['module_order']);
        //$_SESSION['preferences']['forum_favourite_categories'] = unserialize($_SESSION['preferences']['forum_favourite_categories']);
        // * Update fields in login related to the logon (ghost logins leave the row untouched)...
        if ($options['method'] != 'ghost') {
            $login_time = time();
            $query = 'UPDATE login SET lastlogon = ' . $login_time . ', lastip = "' . $_SERVER['REMOTE_ADDR'] . '", session_id = "' . session_id() . '" WHERE id = "' . $user_id . '" LIMIT 1';
            mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
            $_SESSION['login']['lastlogon'] = $login_time;
            $_SESSION['login']['lastip'] = $_SERVER['REMOTE_ADDR'];
            $_SESSION['login']['session_id'] = session_id();
            event_log_log('user_log_on');
            // NOTE(review): this compares the value assigned two lines above (the current
            // time) with today's midnight, so it can never be true and the
            // 'user_unique_log_on' event is never logged. The intent looks like comparing
            // the *previous* lastlogon loaded from the database; capture it before the
            // assignment if that is what is wanted.
            if ($_SESSION['login']['lastlogon'] < strtotime(date('Y-m-d'))) {
                event_log_log('user_unique_log_on');
            }
        }
        // * Set some special/initial parameters...
        $_SESSION['cache']['lastupdate'] = 0;
        switch ($options['method']) {
            case 'ghost':
                $_SESSION['ghost'] = true;
                break;
            case 'username_and_password':
                $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
                // Overrides the lastlogon value loaded from the database above.
                $_SESSION['login']['lastlogon'] = time();
                break;
        }
        // * Fetch guestbook notices...
        $guestbook_query = 'SELECT COUNT(id) AS unread FROM traffa_guestbooks WHERE recipient = ' . $user_id . ' AND `read` = 0 AND deleted = 0';
        $guestbook_result = mysql_query($guestbook_query) or report_sql_error($guestbook_query, __FILE__, __LINE__);
        $guestbook_data = mysql_fetch_assoc($guestbook_result);
        $_SESSION['notices']['unread_gb_entries'] = $guestbook_data['unread'];
        // * Fetch group notices...
        $_SESSION = array_merge($_SESSION, login_load_group_data($user_id, array('groups_members' => array('groupid'))));
        // * Fetch friends notices...
        $_SESSION['friends'] = friends_fetch_online_smart(array('user_id' => $user_id));
        // * Fetch visitors from "my visitors" (latest 8 distinct visitors that have an image)
        $query = 'SELECT DISTINCT(uel.remote_user_id) AS id, uel.timestamp, l.username';
        $query .= ' FROM user_event_log AS uel, login AS l, userinfo AS u';
        $query .= ' WHERE uel.action = "profile_visit" AND uel.user = "******" AND l.id = uel.remote_user_id AND (u.image = 1 OR u.image = 2) AND u.userid = uel.remote_user_id';
        $query .= ' GROUP BY uel.remote_user_id ORDER BY timestamp DESC LIMIT 8';
        $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        $_SESSION['visitors_with_image'] = array();
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['visitors_with_image'][] = $data;
        }
        // * Fetch privileges...
        // NOTE(review): this is the only query in the function without an
        // `or report_sql_error(...)` guard; a failed query makes $result false and the
        // user ends up with no privileges set at all.
        $query = 'SELECT privilegie, value FROM privilegies WHERE user = "******"';
        $result = mysql_query($query);
        while ($data = mysql_fetch_assoc($result)) {
            // Numeric privilege values are stored under an int key, others under the raw string.
            $_SESSION['privilegies'][$data['privilegie']][is_numeric($data['value']) ? intval($data['value']) : $data['value']] = true;
        }
        // * Log the logon to the database...
        $query = 'INSERT INTO login_log (user_id, logon_time, impressions, ip, ghost)';
        $query .= ' VALUES(' . $user_id . ', ' . time() . ', 0, ' . ip2long($_SERVER['REMOTE_ADDR']) . ', "' . ($options['method'] == 'ghost' ? 'YES' : 'NO') . '")';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        // * Cache some info about the user's visits to categories. This is used to calculate new threads and category-subscriptions
        $query = 'SELECT * FROM forum_category_visits WHERE user_id = "' . $user_id . '"';
        $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        while ($data = mysql_fetch_assoc($result)) {
            $_SESSION['forum']['categories'][$data['category_id']] = $data;
        }
    } else {
        if ($options['method'] == 'username_and_password') {
            // No version-4 match: check whether the credentials match a legacy
            // (password_version 3) row, and if so send the user to the renewal page.
            $query = 'SELECT id FROM login WHERE password_version = 3 AND username = "******" AND password = "******" LIMIT 1';
            $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
            if (mysql_num_rows($result) == 1) {
                throw new Exception('<h2>Du använder ett lösenord baserat på det gamla lösenordssystemet. Av säkerhetsskäl måste du byta, det gör du <a href="/installningar/renew_password.php" style="font-weight: bold">på den här sidan »</a></h2>');
            } else {
                throw new Exception('Det gick inte att logga in med de uppgifter du angav. Detta beror antingen på att du inte angivit korrekt användarnamn och lösenord, eller att användarnamnet inte finns.<br /><br />Har du glömt ditt lösenord? Då finns det inte mycket att göra :(');
            }
        } else {
            throw new Exception('Login failed: User not found or password incorrect.');
        }
    }
}
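<?php
// Radio image upload endpoint: accepts a base64-encoded file body together with a
// shared-secret password, and writes the file under the radio image directory when
// both the secret and the fixed uploader address match.
require_once '../include/core/common.php';

// $holger_valid_hash is the expected hash and is defined outside this file.
$password_hash = isset($_POST['password']) ? (string) hamsterpaj_password($_POST['password']) : '';
$expected_hash = isset($holger_valid_hash) ? (string) $holger_valid_hash : '';
// Strict comparison: the previous loose `!=` treats numeric-looking hash strings
// ("0e123...") as equal, and an unset secret or password must never pass.
// hash_equals() (PHP >= 5.6) also avoids a timing side channel.
$hash_ok = $expected_hash !== '' && $password_hash !== ''
    && (function_exists('hash_equals')
        ? hash_equals($expected_hash, $password_hash)
        : $expected_hash === $password_hash);
if (!$hash_ok) {
    die('Uppblåst kattfisk!? Ut ur mitt hus fulhackare! *slå med räfsa*');
}

// Second gate: only the fixed uploader address may write files.
if ('66.246.76.59' === $_SERVER['REMOTE_ADDR']) {
    // The file name is client-supplied. basename() drops any directory component so
    // the write cannot leave the target directory ("../", absolute paths); "." and
    // ".." are rejected explicitly because basename() passes them through.
    $file = isset($_POST['file']) ? basename((string) $_POST['file']) : '';
    // Strict decoding returns false for input that is not valid base64 instead of
    // silently producing garbage.
    $data = isset($_POST['data']) ? base64_decode($_POST['data'], true) : false;
    if ($file === '' || $file === '.' || $file === '..' || $data === false) {
        die('Ogiltigt filnamn eller data.');
    }
    file_put_contents('/mnt/images/radio/hardjavlahamster/' . $file, $data);
}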
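/**
 * Check a plaintext password against the hash stored for a user.
 *
 * @param int|string $userid           Unused here; kept so existing callers keep working.
 * @param string     $password_hash    Hash stored in the login row.
 * @param string     $password         Plaintext password as submitted (already decoded
 *                                     to the byte form the hash functions expect).
 * @param int        $password_version Hash scheme of the stored hash: 4 is the current
 *                                     hamsterpaj_password() scheme, anything else is
 *                                     treated as the legacy sha1(password . PASSWORD_SALT).
 * @return bool True when hashing $password under the given scheme yields $password_hash.
 */
function login_validate_password($userid, $password_hash, $password, $password_version) {
    // Note: switch compares loosely, so a string "4" selects the current scheme too.
    switch ($password_version) {
        case 4:
            $password_input_hashed = hamsterpaj_password($password);
            break;
        default:
            $password_input_hashed = sha1($password . PASSWORD_SALT);
            break;
    }
    $stored = (string) $password_hash;
    $computed = (string) $password_input_hashed;
    // Constant-time comparison where available (PHP >= 5.6) so the check does not leak
    // how many leading bytes of the hash matched; strict === otherwise. The unreachable
    // `break` statements that followed the old `return`s are gone.
    if (function_exists('hash_equals')) {
        return hash_equals($stored, $computed);
    }
    return $stored === $computed;
}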
echo 'Serialized data string: (Note: DO NOT convert untrusted data)' . '<form>' . '<input type="hidden" name="page" value="encoders_decoders" />' . '<input type="hidden" name="type" value="serialize2preint_r" />' . '<textarea name="data"></textarea>' . '<input type="submit" value="Convert" />' . '</form>'; } echo '<h3>Hash calculators</h3>' . "\n"; if ($type == 'md5' && isset($_POST['data'])) { echo md5($_POST['data']) . $go_back; } else { echo 'MD5:' . '<form method="post" action="?page=encoders_decoders&type=md5">' . '<input type="text" name="data" />' . '<input type="submit" value="Convert" />' . '</form>'; } if ($type == 'sha1' && isset($_POST['data'])) { echo sha1($_POST['data']) . $go_back; } else { echo 'SHA1:' . '<form method="post" action="?page=encoders_decoders&type=sha1">' . '<input type="text" name="data" />' . '<input type="submit" value="Convert" />' . '</form>'; } if ($type == 'hamsterpaj_password_hash' && isset($_POST['data'], $_POST['data_do_not_show'])) { $data = empty($_POST['data_do_not_show']) ? $_POST['data'] : $_POST['data_do_not_show']; echo hamsterpaj_password(utf8_decode($data)) . $go_back; } else { echo 'Hamsterpaj password hash:' . '<form method="post" action="?page=encoders_decoders&type=hamsterpaj_password_hash">' . '<input type="text" name="data" />' . ' (OR leave blank and use <input type="password">: <input type="password" name="data_do_not_show" /> )' . ' <input type="submit" value="Convert" />' . '</form>'; } if ($type == 'base64encode' && isset($_GET['data'])) { echo base64_encode($_GET['data']) . $go_back; } else { echo 'Base64encode:' . '<form>' . '<input type="hidden" name="page" value="encoders_decoders" />' . '<input type="hidden" name="type" value="base64encode" />' . '<input type="text" name="data" />' . '<input type="submit" value="Convert" />' . '</form>'; } if ($type == 'base64decode' && isset($_GET['data'])) { echo base64_decode($_GET['data']) . $go_back; } else { echo 'Base64decode:' . '<form>' . 
'<input type="hidden" name="page" value="encoders_decoders" />' . '<input type="hidden" name="type" value="base64decode" />' . '<input type="text" name="data" />' . '<input type="submit" value="Convert" />' . '</form>'; } if ($type == 'timestamp2readable' && isset($_GET['timestamp']) && is_numeric($_GET['timestamp'])) { echo date('Y-m-d H:i:s', $_GET['timestamp']) . $go_back;
} if (login_checklogin()) { echo '<h1>Du kan inte skapa en ny användare när du redan är inloggad!</h1>'; ui_bottom(); exit; } if (isset($_POST['username'])) { $data_ok = register_check($_POST); if ($data_ok !== true) { regform_header_fail(); register_form($_POST, $data_ok); } else { event_log_log('classic_reg_form_sign_up'); /* Input from user is OK, create rows in required tables */ $query = 'INSERT INTO login(username, password, regtimestamp, regip, lastlogon) '; $query .= 'VALUES ("' . $_POST['username'] . '", "' . hamsterpaj_password(utf8_decode($_POST['password'])) . '", "'; $query .= time() . '", "' . $_SERVER['REMOTE_ADDR'] . '", "")'; mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__)); $user_id = mysql_insert_id(); $query = 'INSERT INTO userinfo (userid) VALUES ("' . $user_id . '")'; mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__)); $query = 'INSERT INTO traffa (userid) VALUES ("' . $user_id . '")'; mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__)); $query = 'INSERT INTO preferences (userid) VALUES ("' . $user_id . '")'; mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__)); /* Rows created, log on the user */ try { login_dologin(array('username' => $_POST['username'], 'password' => $_POST['password'], 'method' => 'username_and_password')); /* Redirect to welcome page asking the user for more information */ jscript_alert('Du kan numera känna dig som en riktig Hamsterpajare!\\nVi loggar in dig på ditt konto nu.'); jscript_location('/registered.php');
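<?php
// God-mode debug helper: prints the hash of the value given in ?kaka= under both
// the current (hamsterpaj_password) and the legacy (sha1 + salt) scheme.
require 'include/core/common.php';

if (!is_privilegied('igotgodmode')) {
    die;
}

// Guard the lookup so a request without ?kaka= does not raise a notice; the
// empty string is hashed in that case, as before.
$input = isset($_GET['kaka']) ? utf8_decode($_GET['kaka']) : '';

echo hamsterpaj_password($input) . '<hr>';
echo sha1($input . PASSWORD_SALT) . '<hr>';
// NOTE(review): this prints the site-wide password salt to the browser, so anyone
// holding the god-mode privilege (and anything that can read their browser, proxy
// or access logs) obtains it. The two hash lines above are enough to debug a hash
// mismatch; strongly consider removing this line.
echo PASSWORD_SALT;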
require '../include/core/common.php'; ui_top(); if (isset($_POST['username']) && strtolower($_POST['username']) == 'borttagen') { die('Men gå och lägg dig jävla tomte.'); } if (login_checklogin()) { jscript_location('/traffa/index.php'); } else { if (isset($_POST['username'], $_POST['old_password'], $_POST['new_password'], $_POST['new_password_repeat'])) { if ($_POST['new_password'] == $_POST['new_password_repeat']) { if ($_POST['new_password'] != $_POST['old_password']) { $query = 'SELECT id FROM login WHERE password_version = 3 AND username = "******" AND password = "******" LIMIT 1'; $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__); if (mysql_num_rows($result) == 1) { $data = mysql_fetch_assoc($result); $query = 'UPDATE login SET password_version = 4, password = "******" WHERE id = ' . $data['id']; mysql_query($query) or report_sql_error($query, __FILE__, __LINE__); echo 'Det där gick ju bra, logga in där uppe nu tjockis!'; } else { echo 'Användaren hittades inte eller så var <i>det gamla lösenordet<i> inte rätt.'; } } else { echo 'Du måste ange ett nytt lösenord. Och lösenordssäkerhet är inte något fjolligt "kanel" som lösenord - det är STORA och små bokstäver blandat med s1ffr0r och krum€|ur€r.'; } } else { echo 'Lösenorden stämmde inte överens med varandra :/. Försök igen.'; } } else { // Fulkod? JAG BRYR MIG FAN INTE SÅHÄR DAGS! ?> <h1>Förnya lösenord</h1>