$newpassword = pass_the_salt(30);
if ($lct_count < $pass_min_req[1] || $uct_count < $pass_min_req[2] || $num_count < $pass_min_req[3] || $sym_count < $pass_min_req[4]) {
stderr($language["ERROR"], $language["ERR_PASS_TOO_WEAK_1A"] . ":<br /><br />" . ($pass_min_req[1] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[1] . "</span> " . ($pass_min_req[1] == 1 ? $language["ERR_PASS_TOO_WEAK_2"] : $language["ERR_PASS_TOO_WEAK_2A"]) . "</li>" : "") . ($pass_min_req[2] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[2] . "</span> " . ($pass_min_req[2] == 1 ? $language["ERR_PASS_TOO_WEAK_3"] : $language["ERR_PASS_TOO_WEAK_3A"]) . "</li>" : "") . ($pass_min_req[3] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[3] . "</span> " . ($pass_min_req[3] == 1 ? $language["ERR_PASS_TOO_WEAK_4"] : $language["ERR_PASS_TOO_WEAK_4A"]) . "</li>" : "") . ($pass_min_req[4] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[4] . "</span> " . ($pass_min_req[4] == 1 ? $language["ERR_PASS_TOO_WEAK_5"] : $language["ERR_PASS_TOO_WEAK_5A"]) . "</li>" : "") . "<br />" . $language["ERR_PASS_TOO_WEAK_6"] . ":<br /><br /><span style='color:blue;font-weight:bold;'>" . $newpassword . "</span><br />");
}
$un = !empty($new_username) && $new_username != $curu["username"] ? $new_username : $curu["username"];
$multipass = hash_generate(array("salt" => ""), $pass, $un);
$j = $btit_settings["secsui_pass_type"];
$set[] = "`password`=" . sqlesc($multipass[$j]["rehash"]);
$set[] = "`salt`=" . sqlesc($multipass[$j]["salt"]);
$set[] = "`pass_type`=" . sqlesc($j);
$set[] = "`dupe_hash`=" . sqlesc($multipass[$j]["dupehash"]);
$passhash = smf_passgen($un, $pass);
$smfset[] = '`passwd`=' . sqlesc($passhash[0]);
$smfset[] = '`password' . ($FORUMLINK == "smf" ? "S" : "_s") . 'alt`=' . sqlesc($passhash[1]);
if ($FORUMLINK == "ipb") {
$ipbhash = ipb_passgen($pass);
IPSMember::save($ipb_fid, array("members" => array("member_login_key" => "", "member_login_key_expire" => "0", "members_pass_hash" => "{$ipbhash['0']}", "members_pass_salt" => "{$ipbhash['1']}")));
}
}
$set[] = "block_comment='" . (isset($_POST["block_comment"]) ? "yes" : "no") . "'";
$set[] = "sbox='" . (isset($_POST["sbox"]) ? "yes" : "no") . "'";
//user images
$set[] = "dona='" . (isset($_POST["dona"]) ? "yes" : "no") . "'";
$set[] = "donb='" . (isset($_POST["donb"]) ? "yes" : "no") . "'";
$set[] = "birt='" . (isset($_POST["birt"]) ? "yes" : "no") . "'";
$set[] = "mal='" . (isset($_POST["mal"]) ? "yes" : "no") . "'";
$set[] = "fem='" . (isset($_POST["fem"]) ? "yes" : "no") . "'";
$set[] = "war='" . (isset($_POST["war"]) ? "yes" : "no") . "'";
$set[] = "bann='" . (isset($_POST["bann"]) ? "yes" : "no") . "'";
$set[] = "par='" . (isset($_POST["par"]) ? "yes" : "no") . "'";
$set[] = "bot='" . (isset($_POST["bot"]) ? "yes" : "no") . "'";
if (substr($GLOBALS["FORUMLINK"], 0, 3) == "smf") {
$passhash = smf_passgen($CURUSER["username"], $_POST["new_pwd"]);
do_sqlquery("UPDATE `{$db_prefix}members` SET `passwd`='{$passhash['0']}', `password" . ($GLOBALS["FORUMLINK"] == "smf" ? "S" : "_s") . "alt`='{$passhash['1']}' WHERE " . ($GLOBALS["FORUMLINK"] == "smf" ? "`ID_MEMBER`" : "`id_member`") . "=" . $arr["smf_fid"], true);
} elseif ($GLOBALS["FORUMLINK"] == "ipb") {
if (!defined('IPS_ENFORCE_ACCESS')) {
define('IPS_ENFORCE_ACCESS', true);
}
if (!defined('IPB_THIS_SCRIPT')) {
define('IPB_THIS_SCRIPT', 'public');
}
require_once $THIS_BASEPATH . '/ipb/initdata.php';
require_once IPS_ROOT_PATH . 'sources/base/ipsRegistry.php';
require_once IPS_ROOT_PATH . 'sources/base/ipsController.php';
$registry = ipsRegistry::instance();
$registry->init();
$ipbhash = ipb_passgen($_POST["new_pwd"]);
IPSMember::save($arr["ipb_fid"], array("members" => array("member_login_key" => "", "member_login_key_expire" => "0", "members_pass_hash" => "{$ipbhash['0']}", "members_pass_salt" => "{$ipbhash['1']}")));
}
success_msg($language["PWD_CHANGED"], "" . $language["NOW_LOGIN"] . "<br /><a href=\"index.php?page=login\">Go</a>");
stdfoot(true, false);
exit;
}
}
break;
case '':
case 'change':
default:
$pwdtpl = array();
$pwdtpl["frm_action"] = "index.php?page=usercp&do=pwd&action=post&uid=" . $uid . "";
$pwdtpl["frm_cancel"] = "index.php?page=usercp&uid=" . $uid . "";
$usercptpl->set("pwd", $pwdtpl);
fwrite($fd, $lang_data);
fclose($fd);
if (!defined('IPS_ENFORCE_ACCESS')) {
define('IPS_ENFORCE_ACCESS', true);
}
if (!defined('IPB_THIS_SCRIPT')) {
define('IPB_THIS_SCRIPT', 'public');
}
require_once dirname(__FILE__) . '/ipb/initdata.php';
require_once IPS_ROOT_PATH . 'sources/base/ipsRegistry.php';
require_once IPS_ROOT_PATH . 'sources/base/ipsController.php';
$registry = ipsRegistry::instance();
$registry->init();
$l_username = strtolower($username);
$seo_username = IPSText::makeSeoTitle($username);
$ipbpass = ipb_passgen($password);
@mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO `{$ipb_prefix}members` (`member_id`,`name`, `member_group_id`, `email`, `joined`, `ip_address`, `allow_admin_mails`, `time_offset`, `language`, `members_display_name`, `members_seo_name`, `members_created_remote`, `members_l_display_name`, `members_l_username`, `members_pass_hash`, `members_pass_salt`, `bday_day`, `bday_month`, `bday_year`, `msg_show_notification`, `last_visit`, `last_activity`, `posts`) VALUES (2, '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', 8, '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $email) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', UNIX_TIMESTAMP(), '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $_SERVER["REMOTE_ADDR"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', 1, 0, 1, '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $seo_username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', 1, '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $l_username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $l_username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $ipbpass[0]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $ipbpass[1]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', 0, 0, 0, 1, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), 1)");
@mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO `{$ipb_prefix}pfields_content` (`member_id`) VALUES (2)");
@mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO `{$ipb_prefix}profile_portal` (`pp_member_id`, `pp_setting_count_friends`, `pp_setting_count_comments`) VALUES (2, 1, 1)");
@mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE `{$ipb_prefix}forums` SET `last_poster_id`='2', `last_poster_name`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "' WHERE `id`=2");
@mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE `{$ipb_prefix}posts` SET `author_id`= '2', `author_name`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "' WHERE `pid`=1");
@mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE `{$ipb_prefix}topics` SET `starter_id`='2', `last_poster_id`='2', `starter_name`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', `last_poster_name`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', `seo_last_name`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $seo_username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', `seo_first_name`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $seo_username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "' WHERE `tid`=1");
$myres = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT `cs_value` FROM `{$ipb_prefix}cache_store` WHERE `cs_key`='stats'");
$myrow = mysqli_fetch_assoc($myres);
$in = unserialize($myrow["cs_value"]);
$in["mem_count"] = 1;
$in["last_mem_name"] = $username;
$in["last_mem_id"] = 2;
$in["last_mem_name_seo"] = $seo_username;
$out = serialize($in);
@mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE `{$ipb_prefix}cache_store` SET `cs_value`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $out) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "' WHERE `cs_key`='stats'");
} elseif ($GLOBALS["FORUMLINK"] == "ipb") {
if (!defined('IPS_ENFORCE_ACCESS')) {
define('IPS_ENFORCE_ACCESS', true);
}
if (!defined('IPB_THIS_SCRIPT')) {
define('IPB_THIS_SCRIPT', 'public');
}
if (!isset($THIS_BASEPATH) || empty($THIS_BASEPATH)) {
$THIS_BASEPATH = dirname(__FILE__);
}
require_once $THIS_BASEPATH . '/ipb/initdata.php';
require_once IPS_ROOT_PATH . 'sources/base/ipsRegistry.php';
require_once IPS_ROOT_PATH . 'sources/base/ipsController.php';
$registry = ipsRegistry::instance();
$registry->init();
$ipbhash = ipb_passgen($newpassword);
IPSMember::save($arr["ipb_fid"], array("members" => array("member_login_key" => "", "member_login_key_expire" => "0", "members_pass_hash" => "{$ipbhash['0']}", "members_pass_salt" => "{$ipbhash['1']}")));
}
$body = sprintf($language["RECOVER_EMAIL_2"], $arr["username"], $newpassword, "{$BASEURL}/index.php?page=login", $SITENAME);
send_mail($email, "{$SITENAME} " . $language["ACCOUNT_DETAILS"], $body) or stderr($language["ERROR"], $language["ERR_SEND_EMAIL"]);
redirect("index.php?page=recover&act=recover_ok&id={$id}&random={$random}");
die;
} elseif ($act == "recover_ok") {
$id = intval(0 + $_GET["id"]);
$random = intval($_GET["random"]);
if (!$id || !$random || empty($random) || $random == 0) {
stderr($language["ERROR"], $language["ERR_UPDATE_USER"]);
}
$res = do_sqlquery("SELECT `username`, `email`, `random`" . (substr($GLOBALS["FORUMLINK"], 0, 3) == "smf" ? ", `smf_fid`" : "") . " FROM `{$TABLE_PREFIX}users` WHERE `id` = {$id}", true);
$arr = mysqli_fetch_array($res);
if ($random != $arr["random"]) {
