echo "Please <a href=\"../users.php?id=" . $user_id . "\">click here</a><br>\n";
            echo "</h2>\n";
            echo "</body>\n</html>\n\n";
            die;
        }
    }
}
if ($crc == md5($HTTP_USER_AGENT . $ts . CRC_SALT_0007)) {
    $da_username = $username;
    if ($da_username != $user->user_name) {
        echo "Hmm? hijacking pages ?";
        die;
    }
    $da_emailaddy = $email;
    $da_newmail = $newemail;
    if (is_email_locked($LOCK_EMAILCHG, $da_newmail)) {
        echo "<h2>\n";
        echo "Your new e-mail CANNOT be '{$da_newmail}' (Unallowed).<br>\n";
        echo "<a href=\"javascript:history.go(-1);\">Go Back</a><br>\n";
        echo "</h2>\n";
        echo "</body>\n</html>\n\n";
        die;
    }
    $email_nreg = pg_safe_exec("select * from noreg where lower(email) = '" . strtolower($da_newmail) . "'");
    if (pg_numrows($email_nreg) > 0) {
        echo "<h2>\n";
        echo "Your new e-mail CANNOT be '{$da_newmail}' (NOREG).<br>\n";
        echo "<a href=\"javascript:history.go(-1);\">Go Back</a><br>\n";
        echo "</h2>\n";
        echo "</body>\n</html>\n\n";
        die;
Example #2
0
if ($admin > 0 || acl(XAT_CAN_EDIT) || $nrw_lvl > 0) {
    $unf = pg_safe_exec("select * from noreg where type=4 and lower(user_name)='" . strtolower($user->user_name) . "'");
    if (pg_numrows($unf) > 0 || (int) $user->flags & 0x8) {
        echo "<tr><td colspan=2 bgcolor=#" . $cTheme->main_frauduser . "><font color=#" . $cTheme->table_maintextcolor . " size=-1><em><b><center>~ This account is in FRAUD USERNAMES";
        if (pg_numrows($unf) > 0) {
            $unfobj = pg_fetch_object($unf, 0);
            $da_reason = $unfobj->reason;
            echo " - Reason : </b>" . $da_reason . "<b>";
        }
        echo " ~</center></em></b></font></td></tr>\n";
    }
    $unf2 = pg_safe_exec("select * from noreg where type<4 and lower(user_name)='" . strtolower($user->user_name) . "' OR lower(email)='" . strtolower($user->email) . "'");
    if (pg_numrows($unf2) > 0) {
        echo "<tr><td colspan=2 bgcolor=#" . $cTheme->table_tr_enlighten . "><font color=#" . $cTheme->main_textcolor . " size=-1><em><b><center>~ This account is in NOREG (user or email) ~</center></em></b></font></td></tr>\n";
    }
    if (is_email_locked(1, $user->email) || is_email_locked(2, $user->email) || is_email_locked(4, $user->email) || is_email_locked(8, $user->email)) {
        echo "<tr><td colspan=2 bgcolor=#" . $cTheme->table_tr_enlighten2 . "><font color=#" . $cTheme->table_headtextcolor . " size=-1><em><b><center>~ This account is in DOMAIN LOCK (email addy) ~</center></em></b></font></td></tr>\n";
    }
}
echo "<tr><td colspan=2 bgcolor=#" . $cTheme->table_sepcolor . "><font size=-1 color=#" . $cTheme->table_septextcolor . "><em><b>User Information</b></em></td></tr>";
if (!$edit) {
    //if ($admin>0) { local_seclog("View '" . $user->user_name . "' (" . $user->id . ")"); }
    if ($id == $user_id || ($admin > 0 || acl(XAT_CAN_EDIT))) {
        echo "<TR><TD><font size=-1><b>Email</b></td><td><font size=-1> " . $user->email . "</font><FONT COLOR=#" . $cTheme->main_textlight . " size=-1> (Hidden from public)</td></tr>";
    }
    // Only show for self or admin
    if ($user->url != "") {
        if ($user->url != "" && !ereg("^http://", $user->url)) {
            echo "<tr><td><font size=-1><b>Homepage</b></td><td><font size=-1><a href=\"http://{$user->url}\" target=\"_blank\">http://" . htmlspecialchars($user->url) . "</a></td></tr>";
        } else {
            echo "<tr><td><font size=-1><b>Homepage</b></td><td><font size=-1><a href=\"{$user->url}\" target=\"_blank\">" . htmlspecialchars($user->url) . "</a></td></tr>";
Example #3
0
echo "<b>Domain/User Lock</b> Checker - <a href=\"./index.php\">Home</a><br><br>\n";
if (ereg("@", $_GET["im"])) {
    // considere it a full email
    if (preg_match("/^[A-Za-z0-9_+-.]+@[A-Za-z0-9.-]+\\.[A-Za-z][A-Za-z]+\$/", $_GET["im"])) {
        if (is_email_locked(-1, $_GET["im"])) {
            echo "<h3>The e-mail address '" . $_GET["im"] . "' is LOCKED by the '" . $LOCK_MATCH . "' entry.</h3>";
        } else {
            echo "<h3>The e-mail address '" . $_GET["im"] . "' is NOT LOCKED by the DomainLock system.</h3>";
        }
    } else {
        echo "<h3>Invalid e-mail address, try again !</h3>\n";
    }
} else {
    // considere it a domain name
    if (preg_match("/^[A-Za-z0-9.-]+\\.[A-Za-z][A-Za-z]+\$/", $_GET["im"])) {
        if (is_email_locked(-1, "!!!@" . $_GET["im"])) {
            echo "<h3>The domain name '" . $_GET["im"] . "' is LOCKED by the '" . $LOCK_MATCH . "' entry.</h3>";
        } else {
            echo "<h3>The domain name '" . $_GET["im"] . "' is NOT LOCKED by the DomainLock system.</h3>";
        }
    } else {
        echo "<h3>Invalid domain name, try again !</h3>\n";
    }
}
echo "<br><br><a href=\"index.php\">go back !</a><br>\n";
?>
</body>
</html>


Example #4
0
 // Added more email validation checks.  The email must contain an @, it must have atleast one character before the @ and it must
 // contain atleast one . and there must be atleast 2 characters trailing the final . and there is no _ in the hostname section.  Just
 // RFC enforcement checking.
 if (!preg_match("/^[A-Za-z0-9_+-.]+@[A-Za-z0-9.-]+\\.[A-Za-z][A-Za-z]+\$/", $email)) {
     $failed = 1;
     if ($first_error) {
         std_theme_styles(1);
         std_theme_body();
         echo $headerz;
         $first_error = 0;
     }
     echo "<p><font color=\"#" . $cTheme->main_warnmsg . "\">The email address is invalid.</font>  It must contain a @, it must be from a valid domain, and it can only contain alpha-numeric ";
     echo "characters (a-zA-Z0-9) or the . or - character.</p>";
 }
 // Now we have to go to the database.  First to see if the email domain is valid, then to see if it's in use.
 if (is_email_locked($LOCK_USERNAME, $email)) {
     $failed = 1;
     if ($first_error) {
         std_theme_styles(1);
         std_theme_body();
         echo $headerz;
         $first_error = 0;
     }
     echo "<p><font color=\"#" . $cTheme->main_warnmsg . "\">You are not allowed to create a username using this email account ({$email}).</p>";
 }
 $email_dbh = pg_safe_exec("select user_name from users where lower(email) = '{$lowemail}'");
 if (pg_numrows($email_dbh) > 0) {
     $failed = 1;
     if ($first_error) {
         std_theme_styles(1);
         std_theme_body();
Example #5
0
unset($lhmask);
if (REGPROC_IDLECHECK && is_irc_idled($user_id, 21)) {
    echo "<html><head><title>REGISTRATION PROCESS</title>";
    std_theme_styles();
    echo "</head>\n";
    std_theme_body("../");
    echo "<b>CHANNEL SERVICE REGISTRATION PROCESS</b><br><hr noshade size=2><br>\n";
    echo "<h2>You must login to " . BOT_NAME . " on IRC to apply to register a channel.<br></h2>\n";
    echo "<br>\n";
    echo "Then <a href=\"javascript:history.go(-1);\">go back</a> and repost the form.<br>\n";
    echo "</body></html>\n\n";
    die;
}
$ress = pg_safe_exec("SELECT email FROM users WHERE id='{$user_id}'");
$rooo = pg_fetch_object($ress, 0);
if (is_email_locked($LOCK_REGPROC, $rooo->email)) {
    echo "<html><head><title>REGISTRATION PROCESS</title>";
    std_theme_styles();
    echo "</head>\n";
    std_theme_body("../");
    echo "Sorry, you can't register a channel using your current e-mail address.<br>\n";
    echo "You can request a modification of your email-in-record by <a href=\"../forms/emailchange.php\">clicking here</a>.";
    echo "</body></html>\n\n";
    die;
}
$rsts = pg_safe_exec("SELECT signup_ts FROM users WHERE id=" . (int) $user_id);
$rsto = pg_fetch_object($rsts);
if ((int) $rsto->signup_ts > 0) {
    $now = time();
    $days_elapsed = (int) ((int) ($now - (int) $rsto->signup_ts) / 86400);
    if ($days_elapsed < MIN_DAYS_BEFORE_REG) {
Example #6
0
     header("Pragma: no-cache");
     echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">\n";
     echo "<html>\n";
     echo "<head><title>Error</title>";
     std_theme_styles();
     echo "</head>";
     std_theme_body();
     echo "<font size=+0>\n";
     echo "You have been globally suspended by a Cservice Administrator, you can't login.<br><br>";
     echo "<a href=\"index.php\" target=\"_top\">click here</a>.<br>\n";
     echo "</font></body></html>\n\n";
     die;
 }
 $ress = pg_safe_exec("SELECT tz_setting,email FROM users WHERE id='{$user_id}'");
 $rooo = pg_fetch_object($ress, 0);
 if (is_email_locked($LOCK_LOGIN, $rooo->email)) {
     header("Pragma: no-cache");
     echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">\n";
     echo "<html><head><title>REGISTRATION PROCESS</title>\n";
     std_theme_styles();
     echo "</head>";
     std_theme_body();
     echo "Sorry, you can't login using your current e-mail address.<br>\n";
     echo "You will need to <b>/join " . SERVICE_CHANNEL . "</b> in order to deal with this problem.";
     echo "</body></html>\n\n";
     die;
 }
 $tz_setting = trim($rooo->tz_setting);
 /*
 	unset($ress);
 	$ress = pg_safe_exec("SELECT * FROM noreg WHERE lower(user_name)='" . strtolower($username) . "' AND type=4");
     echo "</body>\n</html>\n\n";
     die;
 }
 $res2 = pg_safe_exec("SELECT id,email,user_name FROM users WHERE lower(user_name)='" . strtolower($new_manager) . "'");
 if (pg_numrows($res2) == 0) {
     echo "<h2>\n";
     echo "The new manager needs to be a valid CService username.<br>\n";
     echo "<a href=\"javascript:history.go(-1);\">Go Back</a><br>\n";
     echo "</h2>\n";
     echo "</body>\n</html>\n\n";
     die;
 }
 $newmgr = pg_fetch_object($res2, 0);
 $new_manager_email = $newmgr->email;
 $new_manager_id = $newmgr->id;
 if (is_email_locked(2, $new_manager_email)) {
     echo "<h2>\n";
     echo "The new manager has an invalid e-mail address that cannot be owner of a channel (LOCKED).<br>\n";
     echo "<a href=\"javascript:history.go(-1);\">Go Back</a><br>\n";
     echo "</h2>\n";
     echo "</body>\n</html>\n\n";
     die;
 }
 $channel = str_replace("\\\\'", "'", $channel);
 $blah = pg_safe_exec("SELECT id FROM channels WHERE lower(name)='" . strtolower($channel) . "' AND registered_ts>0");
 if (pg_numrows($blah) == 0) {
     echo "<h2>Unexistant channel !@#</h2></body></html>\n\n";
     die;
 } else {
     $roo = pg_fetch_object($blah, 0);
     $channel_id = $roo->id;
Example #8
0
    }
    if ($check_invalid && !file_exists("../testnet")) {
        echo "<h2>All your supporters must login to " . BOT_NAME . " on IRC to apply to register a channel.<br><br>Have all your supporters login to " . BOT_NAME . ", then try again posting the form.</h2>\n";
        echo "<br>\n";
        echo "<br><br><a href=\"javascript:reg_form();\">Go back to form</a>.\n";
        echo "</body></html>\n\n";
        die;
    }
}
$check_invalid = 0;
$s_index = 0;
for ($x = 0; $x < REQUIRED_SUPPORTERS; $x++) {
    $res = pg_safe_exec("SELECT email FROM users WHERE lower(users.user_name)='" . strtolower($supporters[$x]) . "'");
    $row = pg_fetch_object($res, 0);
    $email = strtolower($row->email);
    if (is_email_locked($LOCK_REGPROC, $email)) {
        $check_invalid = 1;
        $badmail_supids[$s_index] = $x;
        $s_index++;
    }
}
if ($check_invalid) {
    echo "<h2>One or more of your supporters is using an invalid email address.<br></h2>\n";
    echo "<br>\n";
    echo "List of invalid supporters :<br>\n";
    for ($x = 0; $x < count($badmail_supids); $x++) {
        echo "<li> " . $supporters[$badmail_supids[$x]] . "\n";
        echo "<script language=\"JavaScript1.2\">\n";
        echo "<!--\n";
        echo "document.forms[0].ii_supporter" . $badmail_supids[$x] . ".value='* '+document.forms[0].ii_supporter" . $badmail_supids[$x] . ".value;\n";
        echo "//-->\n";
Example #9
0
         echo "to send you unsolicited email.  It will be used to send you information on how to obtain your ";
         echo "password.<br><br>\n";
         echo "<label>Email Address: <input type=text name=email maxlength=128>\n";
         $jsf .= "\tif (f.email.value == '') { all_ok = false; }\n";
         $jsf .= "\tvar msg = 'Please type in your e-mail address !';\n";
     }
     break;
 case 4:
     if (md5(CRC_SALT_0008 . $_POST["username"] . "UCHECK") != $_POST["username_crc"]) {
         $err .= "<li> <b>Attempt to hack page content !</b> (username)\n";
         $hackpc = 1;
     }
     if (!is_email_valid($_POST["email"])) {
         $err .= "<li> Your e-mail address is invalid.\n";
     }
     if (is_email_locked($LOCK_USERNAME, $_POST["email"])) {
         $err .= "<li> You are not allowed to create an account using this email address (" . $_POST["email"] . ")\n";
     }
     $email_nreg = pg_safe_exec("SELECT * FROM noreg WHERE lower(email)='" . post2db(strtolower($_POST["email"])) . "' and user_name='*'");
     if (pg_numrows($email_nreg) > 0) {
         $err .= "<li> This email account (" . $_POST["email"] . ") is in NOREG, you can't use it for username registration.\n";
     }
     $email_dbh = pg_safe_exec("SELECT user_name FROM users WHERE lower(email)='" . post2db(strtolower($_POST["email"])) . "'");
     if (pg_numrows($email_dbh) > 0) {
         $err .= "<li> There is already an account registered with that email address.<br>You can only have one account per person. If you have lost your password and require a new one to be resent <a href=\"forgotten_pass.php\">click here</a>.\n";
     }
     if ($err != "") {
         err_newuser($err);
     } else {
         echo "<input type=hidden name=is13 value=1>\n";
         echo "<input type=hidden name=username value=\"" . post2input($_POST["username"]) . "\">\n";